Diffstat (limited to 'programs/showpolicy')
-rw-r--r-- | programs/showpolicy/.cvsignore | 1 | ||||
-rw-r--r-- | programs/showpolicy/Makefile | 38 | ||||
-rw-r--r-- | programs/showpolicy/showpolicy.8 | 41 | ||||
-rw-r--r-- | programs/showpolicy/showpolicy.c | 251 |
4 files changed, 0 insertions, 331 deletions
diff --git a/programs/showpolicy/.cvsignore b/programs/showpolicy/.cvsignore
deleted file mode 100644
index e4fad4e23..000000000
--- a/programs/showpolicy/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-showpolicy
diff --git a/programs/showpolicy/Makefile b/programs/showpolicy/Makefile
deleted file mode 100644
index b3ea5a0a8..000000000
--- a/programs/showpolicy/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-# Makefile for the KLIPS interface utilities
-# Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:31 as Exp $
-
-FREESWANSRCDIR=../..
-include ${FREESWANSRCDIR}/Makefile.inc
-
-PROGRAM=showpolicy
-EXTRA5PROC=${PROGRAM}.8
-
-LIBS=${POLICYLIB} ${FREESWANLIB}
-
-include ../Makefile.program
-
-#
-# $Log: Makefile,v $
-# Revision 1.1 2004/03/15 20:35:31 as
-# added files from freeswan-2.04-x509-1.5.3
-#
-# Revision 1.2 2003/05/14 02:12:27 mcr
-# addition of CGI-focused interface to policy lookup interface
-#
-# Revision 1.1 2003/05/11 00:45:08 mcr
-# program to interogate ipsec policy of stdin.
-# run this from inetd.
-#
-#
diff --git a/programs/showpolicy/showpolicy.8 b/programs/showpolicy/showpolicy.8
deleted file mode 100644
index 4fbc2e40e..000000000
--- a/programs/showpolicy/showpolicy.8
+++ /dev/null
@@ -1,41 +0,0 @@
-.TH IPSEC_SHOWPOLICY 8 "7 May 2003"
-.\"
-.\" RCSID $Id: showpolicy.8,v 1.1 2004/03/15 20:35:31 as Exp $
-.\"
-.SH NAME
-ipsec showpolicy \- dump policy of socket found as stdin
-.SH SYNOPSIS
-.PP
-.B ipsec
-.B showpolicy
-.PP
-.SH DESCRIPTION
-.I showpolicy
-calls the
-.IR ipsec_policy_lookup (3)
-function on the file description which is its stdin.
-.PP
-It then dumps the resulting query in a human readable form.
-.PP
-This is a test program. One might run it from inetd, via:
-.TP
-discard stream tcp nowait nobody /usr/local/libexec/ipsec/showpolicy showpolicy
-.SH FILES
-/var/run/ipsecpolicy.ctl
-.SH "SEE ALSO"
-ipsec(8), ipsec_policy_query(3), ipsec_pluto(8)
-.SH HISTORY
-Written for the Linux FreeS/WAN project
-<http://www.freeswan.org/>
-by Michael Richardson
-.SH BUGS
-.\"
-.\" $Log: showpolicy.8,v $
-.\" Revision 1.1 2004/03/15 20:35:31 as
-.\" added files from freeswan-2.04-x509-1.5.3
-.\"
-.\" Revision 1.1 2003/05/11 00:45:08 mcr
-.\" program to interogate ipsec policy of stdin.
-.\" run this from inetd.
-.\"
-.\"
diff --git a/programs/showpolicy/showpolicy.c b/programs/showpolicy/showpolicy.c
deleted file mode 100644
index 114cc3936..000000000
--- a/programs/showpolicy/showpolicy.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * A program to dump the IPsec status of the socket found on stdin.
- * Run me from inetd, for instance.
- * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-char showpolicy_version[] = "RCSID $Id: showpolicy.c,v 1.1 2004/03/15 20:35:31 as Exp $";
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/socket.h>
-#include <getopt.h>
-#include "freeswan.h"
-#include "freeswan/ipsec_policy.h"
-
-char *program_name;
-
-static void
-help(void)
-{
- fprintf(stderr,
- "Usage:\n\n"
- "showpolicy"
- " [--cgi] lookup the particulars from CGI variables.\n"
- " [--socket] lookup the particulars from the socket on stdin.\n"
- " [--textual] dump output in human friendly form\n"
- " [--plaintext X] string to dump if no security\n"
- " [--vpntext X] string to dump if VPN configured tunnel\n"
- " [--privacytext X] string to dump if just plain DNS OE\n"
- " [--dnssectext X] string to dump if just DNSSEC OE\n"
- "\n\n"
- "FreeS/WAN %s\n",
- ipsec_version_code());
-}
-
-static const struct option long_opts[] = {
- /* name, has_arg, flag, val */
- { "help", no_argument, NULL, 'h' },
- { "version", no_argument, NULL, 'V' },
- { "socket", no_argument, NULL, 'i' },
- { "cgi", no_argument, NULL, 'g' },
- { "textual", no_argument, NULL, 't' },
- { "plaintext", required_argument, NULL, 'c' },
- { "vpntext", required_argument, NULL, 'v' },
- { "privacytext", required_argument, NULL, 'p' },
- { "dnssectext", required_argument, NULL, 's' },
- { 0,0,0,0 }
-};
-
-void dump_policyreply(struct ipsec_policy_cmd_query *q)
-{
- char src[ADDRTOT_BUF], dst[ADDRTOT_BUF];
-
- /* now print it! */
- addrtot(&q->query_local, 0, src, sizeof(src));
- addrtot(&q->query_remote, 0, dst, sizeof(dst));
-
- printf("Results of query on %s -> %s with seq %d\n",
- src, dst, q->head.ipm_msg_seq);
-
- printf("Received reply of %d bytes.\n", q->head.ipm_msg_len);
-
- printf("Strength: %d\n", q->strength);
- printf("Bandwidth: %d\n", q->bandwidth);
- printf("authdetail: %d\n", q->auth_detail);
- printf("esp_detail: %d\n", q->esp_detail);
- printf("comp_detail: %d\n",q->comp_detail);
-
- printf("credentials: %d\n", q->credential_count);
- if(q->credential_count > 0) {
- int c;
-
- for(c=0; c<q->credential_count; c++) {
- switch(q->credentials[c].ii_format) {
- case CERT_DNS_SIGNED_KEY:
- printf("\tDNSSEC identity: %s (SIG %s)\n",
- q->credentials[c].ii_credential.ipsec_dns_signed.fqdn,
- q->credentials[c].ii_credential.ipsec_dns_signed.dns_sig);
- break;
-
- case CERT_RAW_RSA:
- printf("\tlocal identity: %s\n",
- q->credentials[c].ii_credential.ipsec_raw_key.id_name);
-
- case CERT_NONE:
- printf("\tDNS identity: %s\n",
- q->credentials[c].ii_credential.ipsec_dns_signed.fqdn);
- break;
-
- default:
- printf("\tUnknown identity type %d", q->credentials[c].ii_format);
- break;
- }
- }
- }
-}
-
-
-int main(int argc, char *argv[])
-{
- struct ipsec_policy_cmd_query q;
- err_t ret;
- int c;
-
- /* set the defaults */
- char lookup_style = 'i';
- char output_style = 's';
-
- char *plaintext = "clear";
- char *vpntext = "vpn";
- char *privacytext = "private";
- char *dnssectext = "secure";
-
- while((c = getopt_long(argc, argv, "hVighc:v:p:s:", long_opts, 0))!=EOF) {
- switch (c) {
- default:
- case 'h': /* --help */
- help();
- return 0; /* GNU coding standards say to stop here */
-
- case 'V': /* --version */
- fprintf(stderr, "FreeS/WAN %s\n", ipsec_version_code());
- return 0; /* GNU coding standards say to stop here */
-
- case 'i':
- if(isatty(0)) {
- printf("please run this connected to a socket\n");
- exit(1);
- }
-
- lookup_style = 'i';
- break;
-
- case 'g':
- lookup_style = 'g';
- break;
-
- case 't':
- output_style = 't';
- break;
-
- case 'c':
- plaintext = optarg;
- break;
-
- case 'v':
- vpntext = optarg;
- break;
-
- case 'p':
- privacytext = optarg;
- break;
-
- case 's':
- dnssectext = optarg;
- break;
- }
- }
-
- if((ret = ipsec_policy_init()) != NULL) {
- perror(ret);
- exit(2);
- }
-
- switch(lookup_style) {
- case 'i':
- if((ret = ipsec_policy_lookup(0, &q)) != NULL) {
- perror(ret);
- exit(3);
- }
- break;
-
- case 'g':
- if((ret = ipsec_policy_cgilookup(&q)) != NULL) {
- perror(ret);
- exit(3);
- }
- break;
-
- default:
- abort();
- break;
- }
-
-
- if(output_style == 't') {
- dump_policyreply(&q);
- } else {
- /* start by seeing if there was any crypto */
- if(q.strength < IPSEC_PRIVACY_PRIVATE) {
- /* no, so say clear */
- puts(plaintext);
- exit(0);
- }
-
- /* we now it is crypto, but authentic is it? */
- if(q.credential_count == 0) {
- puts(vpntext);
- exit(0);
- }
-
- switch(q.credentials[0].ii_format) {
- case CERT_DNS_SIGNED_KEY:
- puts(dnssectext);
- exit(0);
-
- case CERT_RAW_RSA:
- puts(vpntext);
- exit(0);
-
- default:
- puts(privacytext);
- exit(0);
- }
- }
-
- exit(0);
-}
-
-/*
- * $Log: showpolicy.c,v $
- * Revision 1.1 2004/03/15 20:35:31 as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.4 2003/05/14 15:46:44 mcr
- * switch statement was missing break statements and was running on.
- *
- * Revision 1.3 2003/05/14 02:12:27 mcr
- * addition of CGI-focused interface to policy lookup interface
- *
- * Revision 1.2 2003/05/13 03:25:34 mcr
- * print credentials, if any were provided.
- *
- * Revision 1.1 2003/05/11 00:45:08 mcr
- * program to interogate ipsec policy of stdin.
- * run this from inetd.
- *
- *
- *
- */
|