3 files changed, 4 insertions, 243 deletions
diff --git a/src/libfreeswan/Makefile.am b/src/libfreeswan/Makefile.am
index d2617cb00..f7a1b8a7d 100644
--- a/src/libfreeswan/Makefile.am
+++ b/src/libfreeswan/Makefile.am
@@ -1,8 +1,7 @@
 noinst_LIBRARIES = libfreeswan.a
 libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \
 			atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \
-			goodmask.c initaddr.c initsaid.c initsubnet.c internal.h \
-			ipsec_param.h ipsec_policy.h \
+			goodmask.c initaddr.c initsaid.c initsubnet.c internal.h \ ipsec_param.h \
 			keyblobtoid.c pfkey_v2_build.c pfkey_v2_debug.c \
 			pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c rangetoa.c \
 			pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \
@@ -14,6 +13,9 @@ INCLUDES = \
 -I$(top_srcdir)/src/libstrongswan \
 -I$(top_srcdir)/src/pluto
 
+AM_CFLAGS = \
+-DNO_CREDENTIAL_FACTORY
+
 dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \
                  keyblobtoid.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \
                  ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 version.3
diff --git a/src/libfreeswan/freeswan.h b/src/libfreeswan/freeswan.h
index bcae76aec..d671e7fd2 100644
--- a/src/libfreeswan/freeswan.h
+++ b/src/libfreeswan/freeswan.h
@@ -385,16 +385,6 @@ bitstomask(
 	int n
 );
 
-
-
-/*
- * general utilities
- */
-
-/* option pickup from files */
-const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
-						int optind, FILE *errorreport);
-
 /*
  * Debugging levels for pfkey_lib_debug
  */
diff --git a/src/libfreeswan/ipsec_policy.h b/src/libfreeswan/ipsec_policy.h
deleted file mode 100644
index 966ba79a0..000000000
--- a/src/libfreeswan/ipsec_policy.h
+++ /dev/null
@@ -1,231 +0,0 @@
-#ifndef _IPSEC_POLICY_H
-/*
- * policy interface file between pluto and applications
- * Copyright (C) 2003              Michael Richardson <mcr@freeswan.org>
- * 
- * This library is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Library General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
- * 
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
- * License for more details.
- */
-#define	_IPSEC_POLICY_H 	/* seen it, no need to see it again */
-
-
-/*
- * this file defines an interface between an application (or rather an
- * application library) and a key/policy daemon. It provides for inquiries
- * as to the current state of a connected socket, as well as for general
- * questions.
- *
- * In general, the interface is defined as a series of functional interfaces,
- * and the policy messages should be internal. However, because this is in
- * fact an ABI between pieces of the system that may get compiled and revised
- * seperately, this ABI must be public and revision controlled.
- *
- * It is expected that the daemon will always support previous versions.
- */
-
-#define IPSEC_POLICY_MSG_REVISION (unsigned)200305061
-
-enum ipsec_policy_command {
-  IPSEC_CMD_QUERY_FD       = 1,
-  IPSEC_CMD_QUERY_HOSTPAIR = 2,
-  IPSEC_CMD_QUERY_DSTONLY  = 3,
-};
-
-struct ipsec_policy_msg_head {
-  u_int32_t ipm_version;
-  u_int32_t ipm_msg_len;  
-  u_int32_t ipm_msg_type;
-  u_int32_t ipm_msg_seq;
-};
-
-enum ipsec_privacy_quality {
-  IPSEC_PRIVACY_NONE     = 0,
-  IPSEC_PRIVACY_INTEGRAL = 4,   /* not private at all. AH-like */
-  IPSEC_PRIVACY_UNKNOWN  = 8,   /* something is claimed, but details unavail */
-  IPSEC_PRIVACY_ROT13    = 12,  /* trivially breakable, i.e. 1DES */
-  IPSEC_PRIVACY_GAK      = 16,  /* known eavesdroppers */
-  IPSEC_PRIVACY_PRIVATE  = 32,  /* secure for at least a decade */
-  IPSEC_PRIVACY_STRONG   = 64,  /* ridiculously secure */
-  IPSEC_PRIVACY_TORTOISE = 192, /* even stronger, but very slow */
-  IPSEC_PRIVACY_OTP      = 224, /* some kind of *true* one time pad */
-};
-
-enum ipsec_bandwidth_quality {
-  IPSEC_QOS_UNKNOWN = 0,       /* unknown bandwidth */
-  IPSEC_QOS_INTERACTIVE = 16,  /* reasonably moderate jitter, moderate fast.
-				  Good enough for telnet/ssh. */
-  IPSEC_QOS_VOIP        = 32,  /* faster crypto, predicable jitter */
-  IPSEC_QOS_FTP         = 64,  /* higher throughput crypto, perhaps hardware
-				  offloaded, but latency/jitter may be bad */
-  IPSEC_QOS_WIRESPEED   = 128, /* expect to be able to fill your pipe */
-};
-
-/* moved from programs/pluto/constants.h */
-/* IPsec AH transform values
- * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.3
- * and in http://www.iana.org/assignments/isakmp-registry
- */
-enum ipsec_authentication_algo {
-  AH_NONE         = 0,
-  AH_MD5          = 2,
-  AH_SHA          = 3,
-  AH_DES          = 4,
-  AH_SHA2_256     = 5,
-  AH_SHA2_384     = 6,
-  AH_SHA2_512     = 7,
-  AH_RIPEMD       = 8,
-  AH_AES_XCBC_MAC = 9,
-  AH_RSA          = 10
-};
-
-/* IPsec ESP transform values
- * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4
- * and from http://www.iana.org/assignments/isakmp-registry
- */
-
-enum ipsec_cipher_algo {
-  ESP_NONE          = 0,
-  ESP_DES_IV64      = 1,
-  ESP_DES           = 2,
-  ESP_3DES          = 3,
-  ESP_RC5           = 4,
-  ESP_IDEA          = 5,
-  ESP_CAST          = 6,
-  ESP_BLOWFISH      = 7,
-  ESP_3IDEA         = 8,
-  ESP_DES_IV32      = 9,
-  ESP_RC4           = 10,
-  ESP_NULL          = 11,
-  ESP_AES           = 12,
-  ESP_AES_CTR       = 13,
-  ESP_AES_CCM_8     = 14,
-  ESP_AES_CCM_12    = 15,
-  ESP_AES_CCM_16    = 16,
-  ESP_UNASSIGNED_17 = 17,
-  ESP_AES_GCM_8     = 18,
-  ESP_AES_GCM_12    = 19,
-  ESP_AES_GCM_16    = 20,
-  ESP_SEED_CBC      = 21,
-  ESP_CAMELLIA      = 22,
-  ESP_SERPENT       = 252,
-  ESP_TWOFISH       = 253
-};
-
-/* IPCOMP transform values
- * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5
- */
-
-enum ipsec_comp_algo {
-  IPSCOMP_NONE   = 0,
-  IPCOMP_OUI     = 1,
-  IPCOMP_DEFLATE = 2,
-  IPCOMP_LZS     = 3,
-  IPCOMP_LZJH    = 4
-};
-
-/* Identification type values
- * RFC 2407 The Internet IP security Domain of Interpretation for ISAKMP 4.6.2.1 
- */
-
-enum ipsec_id_type {
-  ID_IMPOSSIBLE=             (-2),	/* private to Pluto */
-  ID_MYID=                   (-1),	/* private to Pluto */
-  ID_NONE=                     0,	/* private to Pluto */
-  ID_IPV4_ADDR=                1,
-  ID_FQDN=                     2,
-  ID_USER_FQDN=                3,
-  ID_IPV4_ADDR_SUBNET=         4,
-  ID_IPV6_ADDR=                5,
-  ID_IPV6_ADDR_SUBNET=         6,
-  ID_IPV4_ADDR_RANGE=          7,
-  ID_IPV6_ADDR_RANGE=          8,
-  ID_DER_ASN1_DN=              9,
-  ID_DER_ASN1_GN=              10,
-  ID_KEY_ID=                   11
-};
-
-/* Certificate type values
- * RFC 2408 ISAKMP, chapter 3.9
- */
-enum ipsec_cert_type {
-  CERT_NONE=			0,
-  CERT_PKCS7_WRAPPED_X509=	1,
-  CERT_PGP=			2,
-  CERT_DNS_SIGNED_KEY=		3,
-  CERT_X509_SIGNATURE=		4,
-  CERT_X509_KEY_EXCHANGE=	5,
-  CERT_KERBEROS_TOKENS=		6,
-  CERT_CRL=			7,
-  CERT_ARL=			8,
-  CERT_SPKI=			9,
-  CERT_X509_ATTRIBUTE=		10,
-  CERT_RAW_RSA_KEY=             11
-};
-
-/* a SIG record in ASCII */
-struct ipsec_dns_sig {
-  char fqdn[256];
-  char dns_sig[768];     /* empty string if not signed */
-};
-
-struct ipsec_raw_key {
-  char id_name[256];
-  char fs_keyid[8];
-};
-
-struct ipsec_identity {
-  enum ipsec_id_type     ii_type;
-  enum ipsec_cert_type   ii_format;
-  union {
-    struct ipsec_dns_sig ipsec_dns_signed;
-    /* some thing for PGP */
-    /* some thing for PKIX */
-    struct ipsec_raw_key ipsec_raw_key;
-  } ii_credential;
-};
-
-#define IPSEC_MAX_CREDENTIALS 32
-
-struct ipsec_policy_cmd_query {
-  struct ipsec_policy_msg_head head;
-
-  /* Query section */
-  ip_address query_local;     /* us   */
-  ip_address query_remote;    /* them */
-  u_short src_port, dst_port;
-
-  /* Answer section */
-  enum ipsec_privacy_quality     strength;
-  enum ipsec_bandwidth_quality   bandwidth;
-  enum ipsec_authentication_algo auth_detail;  
-  enum ipsec_cipher_algo         esp_detail;
-  enum ipsec_comp_algo           comp_detail;
-
-  int                            credential_count;
-
-  struct ipsec_identity credentials[IPSEC_MAX_CREDENTIALS];
-};
-
-#define IPSEC_POLICY_SOCKET "/var/run/pluto.info"
-
-/* prototypes */
-extern err_t ipsec_policy_lookup(int fd, struct ipsec_policy_cmd_query *result);
-extern err_t ipsec_policy_init(void);
-extern err_t ipsec_policy_final(void);
-extern err_t ipsec_policy_readmsg(int policysock,
-				  unsigned char *buf, size_t buflen);
-extern err_t ipsec_policy_sendrecv(unsigned char *buf, size_t buflen);
-extern err_t ipsec_policy_cgilookup(struct ipsec_policy_cmd_query *result);
-
-
-extern const char *ipsec_policy_version_code(void);
-extern const char *ipsec_policy_version_string(void);
-
-#endif /* _IPSEC_POLICY_H */