Autoconfiscation.

diff --git a/Makefile b/Makefile
deleted file mode 100644 (file)
index a7a4bd6..0000000
--- a/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-all: fides
-
-CFLAGS ?= -Wall -g -O0
-LDFLAGS ?= -Wall -g -O0
-
-fides: fides.o
-       $(CXX) $(LDFLAGS) -o $@ $< -lbotan
-
-%.o: %.cc %.h
-       $(CXX) $(CFLAGS) -g -c -Wall -o $@ $<
-
-clean:
-       rm -f *.o fides

diff --git a/Makefile.am b/Makefile.am
new file mode 100644 (file)
index 0000000..1e0060f
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,6 @@
+AUTOMAKE_OPTIONS = foreign
+
+SUBDIRS = lib src
+
+ChangeLog:
+       git log > ChangeLog

diff --git a/configure.ac b/configure.ac
new file mode 100644 (file)
index 0000000..415538b
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,21 @@
+AC_INIT
+AM_INIT_AUTOMAKE([fides], [0.1])
+AC_PREREQ(2.61)
+AC_COPYRIGHT([Copyright (c) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>])
+AC_REVISION($Revision$)
+AC_CONFIG_SRCDIR(src/fides.cc)
+
+AC_GNU_SOURCE
+
+AC_PROG_CXX
+AC_PROG_CXXCPP
+AC_PROG_INSTALL
+AC_PROG_MAKE_SET
+AC_PROG_LIBTOOL
+
+PKG_CHECK_MODULES(BOTAN, botan-1.8 >= 1.8.0)
+AC_SUBST(BOTAN_CFLAGS)
+AC_SUBST(BOTAN_LIBS)
+
+AC_CONFIG_FILES([Makefile lib/Makefile src/Makefile])
+AC_OUTPUT

diff --git a/lib/Makefile.am b/lib/Makefile.am
new file mode 100644 (file)
index 0000000..cb39600
--- /dev/null
+++ b/lib/Makefile.am
@@ -0,0 +1,4 @@
+lib_LTLIBRARIES = libfides.la
+libfides_la_SOURCES = fides.cc
+include_HEADERS = fides.h
+libfides_la_LIBADD = $(BOTAN_LIBS)

diff --git a/fides.cc b/lib/fides.cc
similarity index 73%
rename from fides.cc
rename to lib/fides.cc
index eb2de1a..c4dff16 100644 (file)
--- a/fides.cc
+++ b/lib/fides.cc
@@ -1,4 +1,4 @@
-/* fides.c - Light-weight, decentralised trust and authorisation management
+/* fides.cc - Light-weight, decentralised trust and authorisation management
    Copyright (C) 2008-2009  Guus Sliepen <guus@tinc-vpn.org>
   
    Fides is free software; you can redistribute it and/or modify
@@ -19,8 +19,6 @@
 #include <cstring>
 #include <cstdlib>
 #include <stdint.h>
-#include <getopt.h>
-#include <sysexits.h>
 #include <iostream>
 #include <fstream>
 #include <botan/types.h>
@@ -223,60 +221,6 @@ string fides::certificate::to_string() const {
        return data;
 }
 
-static void help(ostream &out, const string &argv0) {
-       out << "Usage: " << argv0 << "<command> [arguments]\n"
-       "\n"
-       "Available commands are:\n"
-       "\n"
-       "  init      Initialise fides, generate a public/private keypair.\n"
-       "  version   Show version and copyright information.\n"
-       "  help      Show this help message.\n"
-       "\n"
-       "  trust <keyid>\n"
-       "            Trust allow/deny packets signed by the specified key.\n"
-       "  distrust <keyid>\n"
-       "            Distrust allow/deny packets signed by the specified key.\n"
-       "  dctrust <keyid>\n"
-       "            Don't care about allow/deny packets signed by the specified key.\n"
-       "  is_trusted <keyid>\n"
-       "            Returns 0 if key is trusted, 1 otherwise\n"
-       "  is_distrusted <keyid>\n"
-       "            Returns 0 if key is distrusted, 1 otherwise\n"
-       "\n"
-       "  sign <stuff ...>\n"
-       "            Sign stuff.\n"
-       "  allow <stuff ...>\n"
-       "            Allow stuff.\n"
-       "  deny <stuff ...> \n"
-       "            Deny stuff.\n"
-       "  dontcare <stuff ...> \n"
-       "            Don't care about stuff.\n"
-       "  is_allowed <stuff ...>\n"
-       "            Returns 0 if stuff is allowed, 1 otherwise\n"
-       "  is_denied <stuff ...>\n"
-       "            Returns 0 if stuff is denied, 1 otherwise\n"
-       "\n"
-       "  import [filename]\n"
-       "            Import keys and certificates from file, or stdin if unspecified.\n"
-       "  export [filename]\n"
-       "            Export keys and certificates to file, or stdout if unspecified.\n"
-       "  test <stuff ...>\n"
-       "            Tell whether stuff is allowed or not by counting relevant certificates\n"
-       "  find <regexp>\n"
-       "            Find all certificates matching regexp\n"
-       "  fsck      Verify the signature on all information collected.\n";
-}
-
-static void version(ostream &out = cout) {
-       out << "fides version 0.1\n"
-       "Copyright (c) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>\n"
-       "\n"
-       "This program is free software; you can redistribute it and/or modify\n"
-       "it under the terms of the GNU General Public License as published by\n"
-       "the Free Software Foundation; either version 2 of the License, or\n"
-       "(at your option) any later version.\n";
-}
-
 // Utility functions
 
 static vector<string> dirlist(const string &path) {
@@ -526,16 +470,6 @@ void fides::export_all(ostream &out) {
                out << i->second->to_string() << '\n';
 }
 
-static int init() {
-       fides fides;
-       if(fides.is_firstrun()) {
-               cout << "New keys generated in " << fides.get_homedir() << '\n';
-       } else {
-               cout << "Fides already initialised\n";
-       }
-       return 0;
-}
-
 void fides::trust(publickey *key) {
        string full = "t+ " + hexencode(key->fingerprint());
        sign(full);
@@ -551,77 +485,6 @@ void fides::dctrust(publickey *key) {
        sign(full);
 }
 
-static int is_trusted(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
-       if(!key) {
-               cerr << "Unknown key!\n";
-               return 1;
-       }
-       return fides.is_trusted(key) ? 0 : 1;
-}
-
-static int is_distrusted(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
-       if(!key) {
-               cerr << "Unknown key!\n";
-               return 1;
-       }
-       return fides.is_distrusted(key) ? 0 : 1;
-}
-
-static int trust(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
-       if(key)
-               fides.trust(key);
-       else {
-               cerr << "Unknown key!\n";
-               return -1;
-       }
-       return 0;
-}
-
-static int dctrust(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
-       if(key)
-               fides.dctrust(key);
-       else {
-               cerr << "Unknown key!\n";
-               return -1;
-       }
-       return 0;
-}
-
-static int distrust(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
-       if(key)
-               fides.distrust(key);
-       else {
-               cerr << "Unknown key!\n";
-               return -1;
-       }
-       return 0;
-}
-
 void fides::update_trust() {
        // clear trust on all keys
        for(map<string, publickey *>::iterator i = keys.begin(); i != keys.end(); ++i)
@@ -909,210 +772,3 @@ void fides::deny(const string &statement, publickey *key) {
        sign(full);
 }
 
-static int sign(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       fides.sign(argv[0]);
-       return 0;
-}
-
-static int allow(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       fides.allow(argv[0]);
-       return 0;
-}
-
-static int dontcare(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       fides.dontcare(argv[0]);
-       return 0;
-}
-
-static int deny(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       fides.deny(argv[0]);
-       return 0;
-}
-
-static int import(int argc, char *const argv[]) {
-       fides fides;
-       
-       if(argc) {
-               ifstream in(argv[0]);
-               fides.import_all(in);
-       } else
-               fides.import_all(cin);
-       return 0;
-}
-
-static int exprt(int argc, char *const argv[]) {
-       fides fides;
-
-       if(argc) {
-               ofstream out(argv[0]);
-               fides.export_all(out);
-       } else
-               fides.export_all(cout);
-       return 0;
-}
-
-static int find(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       // Find certificates matching statement
-       fides fides;
-       const vector<fides::certificate *> &certs = fides.find_certificates(argv[0]);
-       for(size_t i = 0; i < certs.size(); ++i)
-               cout << i << ' ' << certs[i]->to_string() << '\n';
-       return 0;
-}
-
-static int is_allowed(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       return fides.is_allowed(argv[0]) ? 0 : 1;
-}
-
-static int is_denied(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       return fides.is_denied(argv[0]) ? 0 : 1;
-}
-
-static int test(int argc, char *const argv[]) {
-       if(argc < 1)
-               return EX_USAGE;
-
-       fides fides;
-       int self, trusted, all;
-       fides.auth_stats(argv[0], self, trusted, all);
-       cout << "Self: " << self << ", trusted: " << trusted << ", all: " << all << '\n';
-       return 0;
-}
-
-static int fsck() {
-       fides fides;
-       if(fides.fsck()) {
-               cout << "Everything OK\n";
-               return 0;
-       } else {
-               cout << "Integrity failure!\n";
-               return 1;
-       }
-}
-
-int main(int argc, char *const argv[]) {
-       int r;
-       int option_index;
-
-       static struct option const long_options[] = {
-               {"homedir", required_argument, NULL, 2},
-               {"help", no_argument, NULL, 'h'},
-               {"version", no_argument, NULL, 3},
-               {NULL, 0, NULL, 0}
-       };
-
-        while((r = getopt_long(argc, argv, "h", long_options, &option_index)) != EOF) {
-                switch (r) {
-                        case 0:                         /* long option */
-                                break;
-                       case 1:                         /* non-option */
-                               break;
-                       case 2:
-                               //homedir = strdup(optarg);
-                               break;
-                       case 3:
-                               version();
-                               return 0;
-                       case 'h':
-                               help(cout, argv[0]);
-                               return 0;
-               }
-       }
-
-       if(argc < 2) {
-               help(cerr, argv[0]);
-               return EX_USAGE;
-       }
-
-       if(!strcmp(argv[1], "help")) {
-               help(cout, argv[0]);
-               return 0;
-       }
-
-       if(!strcmp(argv[1], "version")) {
-               version();
-               return 0;
-       }
-
-       if(!strcmp(argv[1], "init"))
-               return init();
-
-       if(!strcmp(argv[1], "trust"))
-               return trust(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "dctrust"))
-               return dctrust(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "distrust"))
-               return distrust(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "is_trusted"))
-               return is_trusted(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "is_distrusted"))
-               return is_distrusted(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "is_allowed"))
-               return is_allowed(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "is_denied"))
-               return is_denied(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "allow"))
-               return allow(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "dontcare"))
-               return dontcare(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "deny"))
-               return deny(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "sign"))
-               return sign(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "import"))
-               return import(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "export"))
-               return exprt(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "test"))
-               return test(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "find"))
-               return find(argc - 2, argv + 2);
-
-       if(!strcmp(argv[1], "fsck"))
-               return fsck();
-
-       cerr << "Unknown command: " << argv[1] << '\n';
-       return EX_USAGE;
-}
-

diff --git a/fides.h b/lib/fides.h
similarity index 100%
rename from fides.h
rename to lib/fides.h

diff --git a/src/Makefile.am b/src/Makefile.am
new file mode 100644 (file)
index 0000000..3a5b9e9
--- /dev/null
+++ b/src/Makefile.am
@@ -0,0 +1,11 @@
+AM_CPPFLAGS = \
+       -I$(top_srcdir)/lib
+
+bin_PROGRAMS = fides
+
+fides_SOURCES = fides.cc
+
+noinst_HEADERS = 
+
+fides_LDADD = \
+       $(top_srcdir)/lib/libfides.la

diff --git a/src/fides.cc b/src/fides.cc
new file mode 100644 (file)
index 0000000..006b503
--- /dev/null
+++ b/src/fides.cc
@@ -0,0 +1,382 @@
+/* fides.c - Light-weight, decentralised trust and authorisation management
+   Copyright (C) 2008-2009  Guus Sliepen <guus@tinc-vpn.org>
+  
+   Fides is free software; you can redistribute it and/or modify
+   it under the terms of the GNU Lesser General Public License as
+   published by the Free Software Foundation; either version 2.1 of
+   the License, or (at your option) any later version.
+  
+   Fides is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+   GNU Lesser General Public License for more details.
+  
+   You should have received a copy of the GNU Lesser General Public
+   License along with this program; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <cstdio>
+#include <cstring>
+#include <cstdlib>
+#include <stdint.h>
+#include <getopt.h>
+#include <sysexits.h>
+#include <iostream>
+#include <fstream>
+#include <botan/types.h>
+#include <botan/botan.h>
+#include <botan/ecdsa.h>
+#include <botan/look_pk.h>
+#include <botan/lookup.h>
+#include <botan/filters.h>
+#include <botan/sha2_32.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <list>
+
+#include "fides.h"
+
+using namespace std;
+
+static void help(ostream &out, const string &argv0) {
+       out << "Usage: " << argv0 << "<command> [arguments]\n"
+       "\n"
+       "Available commands are:\n"
+       "\n"
+       "  init      Initialise fides, generate a public/private keypair.\n"
+       "  version   Show version and copyright information.\n"
+       "  help      Show this help message.\n"
+       "\n"
+       "  trust <keyid>\n"
+       "            Trust allow/deny packets signed by the specified key.\n"
+       "  distrust <keyid>\n"
+       "            Distrust allow/deny packets signed by the specified key.\n"
+       "  dctrust <keyid>\n"
+       "            Don't care about allow/deny packets signed by the specified key.\n"
+       "  is_trusted <keyid>\n"
+       "            Returns 0 if key is trusted, 1 otherwise\n"
+       "  is_distrusted <keyid>\n"
+       "            Returns 0 if key is distrusted, 1 otherwise\n"
+       "\n"
+       "  sign <stuff ...>\n"
+       "            Sign stuff.\n"
+       "  allow <stuff ...>\n"
+       "            Allow stuff.\n"
+       "  deny <stuff ...> \n"
+       "            Deny stuff.\n"
+       "  dontcare <stuff ...> \n"
+       "            Don't care about stuff.\n"
+       "  is_allowed <stuff ...>\n"
+       "            Returns 0 if stuff is allowed, 1 otherwise\n"
+       "  is_denied <stuff ...>\n"
+       "            Returns 0 if stuff is denied, 1 otherwise\n"
+       "\n"
+       "  import [filename]\n"
+       "            Import keys and certificates from file, or stdin if unspecified.\n"
+       "  export [filename]\n"
+       "            Export keys and certificates to file, or stdout if unspecified.\n"
+       "  test <stuff ...>\n"
+       "            Tell whether stuff is allowed or not by counting relevant certificates\n"
+       "  find <regexp>\n"
+       "            Find all certificates matching regexp\n"
+       "  fsck      Verify the signature on all information collected.\n";
+}
+
+static void version(ostream &out = cout) {
+       out << "fides version 0.1\n"
+       "Copyright (c) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>\n"
+       "\n"
+       "This program is free software; you can redistribute it and/or modify\n"
+       "it under the terms of the GNU General Public License as published by\n"
+       "the Free Software Foundation; either version 2 of the License, or\n"
+       "(at your option) any later version.\n";
+}
+
+static int init() {
+       fides fides;
+       if(fides.is_firstrun()) {
+               cout << "New keys generated in " << fides.get_homedir() << '\n';
+       } else {
+               cout << "Fides already initialised\n";
+       }
+       return 0;
+}
+
+static int is_trusted(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+       if(!key) {
+               cerr << "Unknown key!\n";
+               return 1;
+       }
+       return fides.is_trusted(key) ? 0 : 1;
+}
+
+static int is_distrusted(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+       if(!key) {
+               cerr << "Unknown key!\n";
+               return 1;
+       }
+       return fides.is_distrusted(key) ? 0 : 1;
+}
+
+static int trust(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+       if(key)
+               fides.trust(key);
+       else {
+               cerr << "Unknown key!\n";
+               return -1;
+       }
+       return 0;
+}
+
+static int dctrust(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+       if(key)
+               fides.dctrust(key);
+       else {
+               cerr << "Unknown key!\n";
+               return -1;
+       }
+       return 0;
+}
+
+static int distrust(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+       if(key)
+               fides.distrust(key);
+       else {
+               cerr << "Unknown key!\n";
+               return -1;
+       }
+       return 0;
+}
+
+static int sign(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       fides.sign(argv[0]);
+       return 0;
+}
+
+static int allow(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       fides.allow(argv[0]);
+       return 0;
+}
+
+static int dontcare(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       fides.dontcare(argv[0]);
+       return 0;
+}
+
+static int deny(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       fides.deny(argv[0]);
+       return 0;
+}
+
+static int import(int argc, char *const argv[]) {
+       fides fides;
+       
+       if(argc) {
+               ifstream in(argv[0]);
+               fides.import_all(in);
+       } else
+               fides.import_all(cin);
+       return 0;
+}
+
+static int exprt(int argc, char *const argv[]) {
+       fides fides;
+
+       if(argc) {
+               ofstream out(argv[0]);
+               fides.export_all(out);
+       } else
+               fides.export_all(cout);
+       return 0;
+}
+
+static int find(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       // Find certificates matching statement
+       fides fides;
+       const vector<fides::certificate *> &certs = fides.find_certificates(argv[0]);
+       for(size_t i = 0; i < certs.size(); ++i)
+               cout << i << ' ' << certs[i]->to_string() << '\n';
+       return 0;
+}
+
+static int is_allowed(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       return fides.is_allowed(argv[0]) ? 0 : 1;
+}
+
+static int is_denied(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       return fides.is_denied(argv[0]) ? 0 : 1;
+}
+
+static int test(int argc, char *const argv[]) {
+       if(argc < 1)
+               return EX_USAGE;
+
+       fides fides;
+       int self, trusted, all;
+       fides.auth_stats(argv[0], self, trusted, all);
+       cout << "Self: " << self << ", trusted: " << trusted << ", all: " << all << '\n';
+       return 0;
+}
+
+static int fsck() {
+       fides fides;
+       if(fides.fsck()) {
+               cout << "Everything OK\n";
+               return 0;
+       } else {
+               cout << "Integrity failure!\n";
+               return 1;
+       }
+}
+
+int main(int argc, char *const argv[]) {
+       int r;
+       int option_index;
+
+       static struct option const long_options[] = {
+               {"homedir", required_argument, NULL, 2},
+               {"help", no_argument, NULL, 'h'},
+               {"version", no_argument, NULL, 3},
+               {NULL, 0, NULL, 0}
+       };
+
+        while((r = getopt_long(argc, argv, "h", long_options, &option_index)) != EOF) {
+                switch (r) {
+                        case 0:                         /* long option */
+                                break;
+                       case 1:                         /* non-option */
+                               break;
+                       case 2:
+                               //homedir = strdup(optarg);
+                               break;
+                       case 3:
+                               version();
+                               return 0;
+                       case 'h':
+                               help(cout, argv[0]);
+                               return 0;
+               }
+       }
+
+       if(argc < 2) {
+               help(cerr, argv[0]);
+               return EX_USAGE;
+       }
+
+       if(!strcmp(argv[1], "help")) {
+               help(cout, argv[0]);
+               return 0;
+       }
+
+       if(!strcmp(argv[1], "version")) {
+               version();
+               return 0;
+       }
+
+       if(!strcmp(argv[1], "init"))
+               return init();
+
+       if(!strcmp(argv[1], "trust"))
+               return trust(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "dctrust"))
+               return dctrust(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "distrust"))
+               return distrust(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "is_trusted"))
+               return is_trusted(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "is_distrusted"))
+               return is_distrusted(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "is_allowed"))
+               return is_allowed(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "is_denied"))
+               return is_denied(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "allow"))
+               return allow(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "dontcare"))
+               return dontcare(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "deny"))
+               return deny(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "sign"))
+               return sign(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "import"))
+               return import(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "export"))
+               return exprt(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "test"))
+               return test(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "find"))
+               return find(argc - 2, argv + 2);
+
+       if(!strcmp(argv[1], "fsck"))
+               return fsck();
+
+       cerr << "Unknown command: " << argv[1] << '\n';
+       return EX_USAGE;
+}