path: root/programs/showhostkey
Diffstat (limited to 'programs/showhostkey')

-rw-r--r--  programs/showhostkey/.cvsignore       1
-rw-r--r--  programs/showhostkey/Makefile        38
-rw-r--r--  programs/showhostkey/showhostkey.8  168
-rwxr-xr-x  programs/showhostkey/showhostkey.in 180

4 files changed, 0 insertions, 387 deletions
diff --git a/programs/showhostkey/.cvsignore b/programs/showhostkey/.cvsignore
deleted file mode 100644
index 8496cd633..000000000
--- a/programs/showhostkey/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-showhostkey
diff --git a/programs/showhostkey/Makefile b/programs/showhostkey/Makefile
deleted file mode 100644
index db819c906..000000000
--- a/programs/showhostkey/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-# Makefile for miscelaneous programs
-# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:31 as Exp $
-
-FREESWANSRCDIR=../..
-include ${FREESWANSRCDIR}/Makefile.inc
-
-PROGRAM=showhostkey
-
-include ../Makefile.program
-
-#
-# $Log: Makefile,v $
-# Revision 1.1 2004/03/15 20:35:31 as
-# added files from freeswan-2.04-x509-1.5.3
-#
-# Revision 1.2 2002/06/02 21:51:41 mcr
-# changed TOPDIR->FREESWANSRCDIR in all Makefiles.
-# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the
-# kernel sense.)
-#
-# Revision 1.1 2002/04/24 07:55:32 mcr
-# #include patches and Makefiles for post-reorg compilation.
-#
-#
-#
-
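Review bot: the parent build still has to stop descending into this directory. This Makefile contained nothing but `PROGRAM=showhostkey` plus `include ../Makefile.program`, so no other file depended on its contents, but the diffstat says this diff is limited to `programs/showhostkey`, and whatever enumerates the per-program subdirectories under `programs/` is therefore not shown here; if it still names `showhostkey`, a recursive make will fail on a missing directory. Please confirm that list is updated in the companion change, or fold it into this one.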
diff --git a/programs/showhostkey/showhostkey.8 b/programs/showhostkey/showhostkey.8
deleted file mode 100644
index 2c0043fca..000000000
--- a/programs/showhostkey/showhostkey.8
+++ /dev/null
@@ -1,168 +0,0 @@
-.TH IPSEC_SHOWHOSTKEY 8 "5 March 2002"
-.\" RCSID $Id: showhostkey.8,v 1.1 2004/03/15 20:35:31 as Exp $
-.SH NAME
-ipsec showhostkey \- show host's authentication key
-.SH SYNOPSIS
-.B ipsec
-.B showhostkey
-[
-.B \-\-key
-] [
-.B \-\-left
-] [
-.B \-\-right
-] [
-.B \-\-txt
-gateway
-] [
-.B \-\-dhclient
-] [
-.B \-\-file
-secretfile
-] [
-.B \-\-id
-identity
-]
-.SH DESCRIPTION
-.I Showhostkey
-outputs (on standard output) a public key suitable for this host,
-in the format specified,
-using the host key information stored in
-.IR /etc/ipsec.secrets .
-In general only the super-user can run this command,
-since only he can read
-.IR ipsec.secrets .
-.PP
-The
-.B \-\-txt
-option causes the output to be in opportunistic-encryption DNS TXT record
-format,
-with the specified
-.I gateway
-value.
-If information about how the key was generated is available,
-that is provided as a DNS-file comment.
-For example,
-.B "\-\-txt 10.11.12.13"
-might give (with the key data trimmed for clarity):
-.PP
-.nf
- ; RSA 2048 bits xy.example.com Sat Apr 15 13:53:22 2000
- IN TXT "X-IPsec-Server(10)=10.11.12.13 AQOF8tZ2...+buFuFn/"
-.fi
-.PP
-No name is supplied in the TXT record
-because there are too many possibilities,
-depending on how it will be used.
-If the text string is longer than 255 bytes,
-it is split up into multiple strings (matching the restrictions of
-the DNS TXT binary format).
-If any split is needed, the first split will be at the start of the key:
-this increases the chances that later hand editing will work.
-.PP
-The
-.B \-\-left
-and
-.B \-\-right
-options cause the output to be in
-.IR ipsec.conf (5)
-format, as a
-.B leftrsasigkey
-or
-.B rightrsasigkey
-parameter respectively.
-Again, generation information is included if available.
-For example,
-.B \-\-left
-might give (with the key data trimmed down for clarity):
-.PP
-.nf
- # RSA 2048 bits xy.example.com Sat Apr 15 13:53:22 2000
- leftrsasigkey=0sAQOF8tZ2...+buFuFn/
-.fi
-.PP
-The
-.B \-\-dhclient
-option cause the output to be suitable for inclusion in
-.IR dhclient.conf (5)
-as part of configuring WAVEsec.
-See <http://www.wavesec.org>.
-.PP
-If
-.B \-\-key
-is specified,
-the output format is the text form of a DNS KEY record;
-the host name is the one included in the key information
-(or, if that is not available,
-the output of
-.BR "hostname\ \-\-fqdn" ),
-with a
-.B \&.
-appended.
-Again, generation information is included if available.
-For example (with the key data trimmed down for clarity):
-.PP
-.nf
- ; RSA 2048 bits xy.example.com Sat Apr 15 13:53:22 2000
- xy.example.com. IN KEY 0x4200 4 1 AQOF8tZ2...+buFuFn/
-.fi
-.PP
-Normally, the default key for this host
-(the one with no host identities specified for it) is the one extracted.
-The
-.B \-\-id
-option overrides this,
-causing extraction of the key labeled with the specified
-.IR identity ,
-if any.
-The specified
-.I identity
-must
-.I exactly
-match the identity in the file;
-in particular, the comparison is case-sensitive.
-.PP
-The
-.B \-\-file
-option overrides the default for where the key information should be
-found, and takes it from the specified
-.IR secretfile .
-.SH DIAGNOSTICS
-A complaint about ``no pubkey line found'' indicates that the
-host has a key but it was generated with an old version of FreeS/WAN
-and does not contain the information that
-.I showhostkey
-needs.
-.SH FILES
-/etc/ipsec.secrets
-.SH SEE ALSO
-ipsec.secrets(5), ipsec.conf(5), ipsec_rsasigkey(8)
-.SH HISTORY
-Written for the Linux FreeS/WAN project
-<http://www.freeswan.org>
-by Henry Spencer.
-.SH BUGS
-Arguably,
-rather than just reporting the no-IN-KEY-line-found problem,
-.I showhostkey
-should be smart enough to run the existing key through
-.I rsasigkey
-with the
-.B \-\-oldkey
-option, to generate a suitable output line.
-.PP
-The need to specify the gateway address (etc.) for
-.B \-\-txt
-is annoying, but there is no good way to determine it automatically.
-.PP
-There should be a way to specify the priority value for TXT records;
-currently it is hardwired to
-.BR 10 .
-.PP
-The
-.B \-\-id
-option assumes that the
-.I identity
-appears on the same line as the
-.B ":\ RSA\ {"
-that begins the key proper.
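Review bot: deleting `ipsec_showhostkey(8)` leaves any cross-reference to it dangling, and none of the reverse references are in this diff. This page's own SEE ALSO names ipsec.secrets(5), ipsec.conf(5) and ipsec_rsasigkey(8); those pages, and the subcommand list in the ipsec(8) wrapper, are outside `programs/showhostkey`, so grep the remaining manual sources for `showhostkey` before merging. It would also help to say, in the commit message or the release notes, what now replaces this command: the page was the documented way to get the public half of the key in `/etc/ipsec.secrets` into `leftrsasigkey=`/`rightrsasigkey=`, TXT or KEY form without copying the private material, and users following older instructions will otherwise hit "unknown command".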
diff --git a/programs/showhostkey/showhostkey.in b/programs/showhostkey/showhostkey.in
deleted file mode 100755
index 7194363e8..000000000
--- a/programs/showhostkey/showhostkey.in
+++ /dev/null
@@ -1,180 +0,0 @@
-#! /bin/sh
-# show key for this host, in DNS (or other) format
-# Copyright (C) 2000, 2001 Henry Spencer.
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: showhostkey.in,v 1.1 2004/03/15 20:35:31 as Exp $
-
-me="ipsec showhostkey"
-usage="Usage: $me [--file secrets] [--left] [--right] [--txt gateway] [--id id]
- [--dhclient]"
-
-file=/etc/ipsec.secrets
-fmt=""
-gw=
-id=
-for dummy
-do
- case "$1" in
- --key) fmt="dns" ;;
- --file) file="$2" ; shift ;;
- --left) fmt="left" ;;
- --right) fmt="right" ;;
- --dhclient) fmt="dhclient" ;;
- --txt) fmt="txt" ; gw="$2" ; shift ;;
- --wavesec) fmt="wavesec" ;;
- --id) id="$2" ; shift ;;
- --version) echo "$me $IPSEC_VERSION" ; exit 0 ;;
- --help) echo "$usage" ; exit 0 ;;
- --) shift ; break ;;
- -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;;
- *) break ;;
- esac
- shift
-done
-if test " $fmt" = " "
-then
- echo "$me: must specify a format for the result" >&2
- exit 2
-fi
-if test " $fmt" = " txt" -a " $gw" = " "
-then
- echo "$me: --txt gateway value cannot be empty" >&2
- exit 2
-fi
-
-if test ! -f $file
-then
- echo "$me: file \`$file' does not exist" >&2
- exit 1
-elif test ! -r $file
-then
- echo "$me: permission denied (cannot read \`$file')" >&2
- exit 1
-fi
-
-host="`hostname --fqdn`"
-
-awk ' BEGIN {
- inkey = 0
- seenkey = 0
- nfound = 0
- err = "cat >&2"
- me = "'"$me"'"
- host = "'"$host"'"
- file = "'"$file"'"
- fmt = "'"$fmt"'"
- gw = "'"$gw"'"
- id = "'"$id"'"
- comment = ""
- s = "[ \t]+"
- os = "[ \t]*"
- x = "[^ \t]+"
- oc = "(#.*)?"
- suffix = ":" os "[rR][sS][aA]" os "{" os oc "$"
- if (id == "") {
- pat = "^" suffix
- printid = "default"
- } else {
- pat = "^(" x s ")*" id "(" s x ")*" os suffix
- printid = quote(id)
- }
- paydirt = "^[ \t]+#pubkey=0s"
- status = 0
- }
- $0 ~ pat {
- inkey = 1
- seenkey = 1
- }
- /^[ \t]+}$/ {
- inkey = 0
- }
- inkey && $0 ~ /^[ \t]+# RSA [0-9]+ bits/ {
- comment = $0
- if (fmt == "dns" || fmt == "txt" || fmt == "dhclient")
- sub(/^[ \t]+#/, "#", comment)
- host = $5
- }
- inkey && $0 ~ /^[ \t]+#pubkey=0s/ {
-
- }
- inkey && fmt == "dns" && $0 ~ paydirt {
- out = $0
- sub(paydirt, (host ".\tIN\tKEY\t0x4200 4 1 "), out)
- nfound++
- }
- inkey && fmt == "dhclient" && $0 ~ paydirt {
- # NOT YET ADJUSTED TO KEY RR elimination
- boilerplate = "option oe-key code 159 = string;\n" \
- "option oe-gateway code 160 = ip-address;\n" \
- "send oe-key = "
- out = $0
- sub(paydirt, "0x4200 4 1 ", out)
- out = "option oe-key code 159 = string;\n" \
- "option oe-gateway code 160 = ip-address;\n" \
- "send oe-key = " quote(out) ";"
- nfound++
- }
- inkey && fmt == "txt" && $0 ~ paydirt {
- if (gw !~ /^@/ && gw !~ /^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$/ )
- {
- grump("gateway must be @FQDN or IPv4 address, not " quote(gw))
- exit(status)
- }
- out = $0
- gsub(/[ \t]+/, " ", out)
- sub(paydirt, "", out)
- out = " " out
- str = "X-IPsec-Server(10)=" gw
- if (length(str) < 255 && length(str) + length(out) > 255) {
- str = " " quote(str)
- } else {
- out = str out
- str = ""
- }
- while (length(out) > 255) {
- str = str " " quote(substr(out, 1, 255))
- out = substr(out, 256)
- }
- if (length(out) > 0)
- str = str " " quote(out)
- out = "\tIN\tTXT\t" substr(str, 2)
- nfound++
- }
- inkey && (fmt == "left" || fmt == "right") && $0 ~ /^[ \t]+#pubkey=/ {
- out = $0
- sub(/^[ \t]+#pubkey=/, ("\t" fmt "rsasigkey="), out)
- nfound++
- }
- function quote(s) {
- return "\"" s "\""
- }
- function grump(s) {
- print me ": " s |err
- status = 1
- }
- END {
- if (status != 0)
- exit(status)
- if (!seenkey)
- grump("no " printid " key in " quote(file))
- else if (nfound == 0) {
- grump("no pubkey line found -- key information old?")
- } else if (nfound > 1)
- grump("multiple " printid " keys found!?!")
- else {
- if (comment != "")
- print comment
- print out
- }
- exit(status)
- }' $file
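Review bot: if something supersedes this script, do not carry its quoting over. In the awk BEGIN block the shell values `$me`, `$host`, `$file`, `$fmt`, `$gw` and `$id` are spliced into the awk program source as `'"$var"'`, so a value containing a double quote or backslash rewrites the awk program rather than being treated as data; `id` is then concatenated unescaped into the regular expression `pat` (the `else` branch after `if (id == "")`), so an identity containing `.`, `(`, `|` or `*` matches lines other than the exact, case-sensitive identity the man page promised, and the `--txt` gateway is only checked (as `@...` or a dotted quad) inside the awk, after that splice has already happened. The shell side has the same habit: `$file` is unquoted in `test ! -f $file`, `test ! -r $file` and the final awk argument. Dead code that goes out with the file, for the record: the empty rule on `#pubkey=0s`, the unused `boilerplate` string in the dhclient branch, and `--wavesec`, which sets a format no rule produces output for and so always ends in "no pubkey line found -- key information old?" (and is absent from the usage string, while `--key` is absent from it too). Nothing to change here since the file is being removed, but these belong in the notes for whatever replaces it.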