path: root/sbin/startkey
authorTheo de Raadt <deraadt@cvs.openbsd.org>1998-11-14 23:37:31 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1998-11-14 23:37:31 +0000
commit1264df3a5da0b4ba93aa3f250a20101bcc19e1ca (patch)
treeec96c7e83c6ea2756e246d730c9ceddb9ea8a1d6 /sbin/startkey
parentbf316445157edd81f8d5e3f6e30d26fe295990bb (diff)
move ipsec tools into .
Diffstat (limited to 'sbin/startkey')
-rw-r--r--sbin/startkey/Makefile7
-rw-r--r--sbin/startkey/startkey.1128
-rw-r--r--sbin/startkey/startkey.c125
3 files changed, 260 insertions, 0 deletions
diff --git a/sbin/startkey/Makefile b/sbin/startkey/Makefile
new file mode 100644
index 00000000000..87f7eed127a
--- /dev/null
+++ b/sbin/startkey/Makefile
@@ -0,0 +1,7 @@
+PROG= startkey
+SRCS= startkey.c
+
+CFLAGS+= -I${.CURDIR}/../photurisd
+MAN= startkey.1
+
+.include <bsd.prog.mk>
diff --git a/sbin/startkey/startkey.1 b/sbin/startkey/startkey.1
new file mode 100644
index 00000000000..d878d7d7175
--- /dev/null
+++ b/sbin/startkey/startkey.1
@@ -0,0 +1,128 @@
+.\" $OpenBSD: startkey.1,v 1.1 1998/11/14 23:37:30 deraadt Exp $
+.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by Niels Provos.
+.\" 4. The name of the author may not be used to endorse or promote products
+.\" derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" Manual page, using -mandoc macros
+.\"
+.Dd July 18, 1997
+.Dt STARTKEY 1
+.Os
+.Sh NAME
+.Nm startkey
+.Nd start keying with photurisd
+.Sh SYNOPSIS
+.Nm startkey
+.Op Fl d Ar directory
+.Ar options ...
+.Sh DESCRIPTION
+The
+.Nm startkey
+utility attemps to contact the
+.Xr photurisd 8
+daemon and initalize a key exchange. The flags are:
+.Bl -tag -width Ds
+.It Fl d
+The
+.Fl d
+option specifies the directory in which
+.Nm photurisd
+looks for its startup files. The default is
+.Pa /etc/photuris/ .
+.El
+.Pp
+The options
+.Nm dst ,
+.Nm port ,
+.Nm options ,
+.Nm tsrc ,
+.Nm tdst ,
+.Nm exchange_lifetime ,
+.Nm spi_lifetime
+and
+.Nm user
+are understood by the daemon.
+The meanings are as follows:
+.Bl -tag -width options -offset indent
+.It dst
+The destination IP address with which the exchange is to be established.
+.It port
+The port number of the destination
+.Nm photuris
+daemon.
+.It options
+The options to be used in the exchange. Possible values are
+.Nm enc
+and
+.Nm auth .
+.It tsrc
+If both
+.Nm tsrc
+and
+.Nm tdst
+(see below) are specified, a tunnel (IP over IP) is setup. The
+.Nm tsrc
+option is a network address with netmask used for matching the source
+IP address of a packet. When both the source and the destination
+addresses match their respective options the packet will be routed into the
+tunnel.
+.It tdst
+If both
+.Nm tsrc
+(see above) and
+.Nm tdst
+are specified, a tunnel (IP over IP) is setup. The
+.Nm tdst
+option is a network address with netmask used for matching the destination
+IP address of a packet. When both the source and the destination
+addresses match their respective options the packet will be routed into the
+tunnel.
+.It exchange_lifetime
+Determines the lifetime of the exchange. After an exchange expires
+no new SPIs are created, which means the transport or tunnel is torn down
+as soon as the current SPI times out (see
+.Nm spi_lifetime
+below). The default value is gotten from the
+.Nm exchange_lifetime
+parameter given in
+.Pa photuris.conf .
+If it is not given there the default is 1800 seconds.
+.It spi_lifetime
+Determines the lifetime of each created SPI in the exchange.
+.It user
+The user name for whom the keying shall be done. Preconfigured
+secrets are taken from the users secret file.
+.El
+.Sh EXAMPLE
+startkey dst=169.200.12.23 options=auth
+.Sh FILES
+.Bl -tag -width /etc/photuris/photuris.pipe -compact
+.It /etc/photuris/photuris.pipe
+The FIFO in which keying requests are written.
+.El
+.Sh SEE ALSO
+.Xr photurisd 8 .
diff --git a/sbin/startkey/startkey.c b/sbin/startkey/startkey.c
new file mode 100644
index 00000000000..bbc0a4a6a27
--- /dev/null
+++ b/sbin/startkey/startkey.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * This code is originally from Angelos D. Keromytis, kermit@forthnet.gr
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: startkey.c,v 1.1 1998/11/14 23:37:30 deraadt Exp $";
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include "photuris.h"
+
+void
+usage(char *name)
+{
+ fprintf(stderr, "Usage: %s [-d dir] <options...>\n", name);
+ exit(0);
+}
+
+
+/*
+ * Just a program to start a key establishment session
+ */
+
+int
+main(int argc, char **argv)
+{
+ int fd, ch;
+ int i, len;
+
+ char *dir = PHOTURIS_DIR, *buffer;
+
+ while ((ch = getopt(argc, argv, "d:")) != -1)
+ switch((char)ch) {
+ case 'd':
+ dir = optarg;
+ break;
+ default:
+ usage(argv[0]);
+ }
+
+ if (argc - optind < 1)
+ usage(argv[0]);
+
+ argc -= optind;
+ argv += optind;
+
+ for (len=0, i=0; i<argc; i++) {
+ if (strchr(argv[i], '=') == NULL) {
+ fprintf(stderr, "missing = in %s\n", argv[i]);
+ exit(-1);
+ }
+ len += strlen(argv[i])+1;
+ }
+
+ if (chdir(dir) == -1) {
+ fprintf(stderr, "Can't change dir to %s\n", dir);
+ exit(-1);
+ }
+
+ fd = open(PHOTURIS_FIFO, O_WRONLY | O_NONBLOCK, 0);
+
+ if (fd == -1)
+ {
+ perror("open()");
+ exit(-1);
+ }
+
+ if ((buffer = calloc(len, sizeof(char))) == NULL) {
+ perror("calloc()");
+ exit(-1);
+ }
+
+ for (i=0; i<argc; i++) {
+ strcpy(buffer+strlen(buffer), argv[i]);
+ strcat(buffer, " ");
+ }
+
+ if (write(fd, buffer, strlen(buffer)) != strlen(buffer))
+ {
+ perror("write()");
+ exit(-1);
+ }
+
+ free(buffer);
+
+ close(fd);
+
+ exit(0);
+}
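Review bot: The request buffer allocated at line 274 is one byte too small: `len` sums `strlen(argv[i])+1` over the arguments, the loop at lines 279-282 writes exactly `len` characters (each argument followed by a space), and the final `strcat` stores the terminating NUL at `buffer[len]`, one past the end of the `calloc(len, sizeof(char))` allocation. The fix is `if ((buffer = calloc(len + 1, sizeof(char))) == NULL) {`, which leaves room for the terminator that `strlen(buffer)` at line 284 depends on. Separately, `usage()` at line 222 calls `exit(0)` although it is reached only on a bad option or a missing argument, so a caller checking the exit status cannot tell an invalid invocation from a successful request; `exit(1)` would be the conventional choice, and the `exit(-1)` calls elsewhere in `main` would more usefully be `exit(1)` as well. The `strchr(argv[i], '=')` test at line 254 is the only validation of what is written to the FIFO, so an argument containing whitespace is passed through unchanged and would presumably be read by the daemon as additional space-separated tokens; whether that matters depends on how photurisd parses the request, which is not visible here.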