ipsec: Update usage output
[strongswan.git] / src / ipsec / _ipsec.in
1 #! @IPSEC_SHELL@
2 # prefix command to run stuff from our programs directory
3 # Copyright (C) 1998-2002  Henry Spencer.
4 # Copyright (C) 2006-2014 Andreas Steffen
5 # Copyright (C) 2006 Martin Willi
6 #
7 # This program is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by the
9 # Free Software Foundation; either version 2 of the License, or (at your
10 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
11 #
12 # This program is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
15 # for more details.
16
17 # define a minimum PATH environment in case it is not set
18 PATH=${PATH:-"/sbin:/bin:/usr/sbin:/usr/bin"}
19 export PATH
20
21 # set daemon name
22 [ -z "$DAEMON_NAME" ] && DAEMON_NAME="charon"
23
24 # name and version of the ipsec implementation
25 OS_NAME=`uname -s`
26 IPSEC_NAME="@IPSEC_NAME@"
27 IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
28
29 # where the private directory and the config files are
30 IPSEC_DIR="@IPSEC_DIR@"
31 IPSEC_BINDIR="@IPSEC_BINDIR@"
32 IPSEC_SBINDIR="@IPSEC_SBINDIR@"
33 IPSEC_CONFDIR="@IPSEC_CONFDIR@"
34 IPSEC_PIDDIR="@IPSEC_PIDDIR@"
35 IPSEC_SCRIPT="@IPSEC_SCRIPT@"
36
37 IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.${DAEMON_NAME}.pid"
38 IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid"
39
40 IPSEC_STROKE="${IPSEC_DIR}/stroke"
41 IPSEC_STARTER="${IPSEC_DIR}/starter"
42
43 export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
44
45 IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
46
47 case "$1" in
48 '')
49         echo "$IPSEC_SCRIPT command [arguments]"
50         echo
51         echo "Use --help for a list of commands, or refer to the $IPSEC_SCRIPT(8) man page."
52         echo "See <http://www.strongswan.org> for more general information."
53         exit 0
54         ;;
55 --help)
56         echo "$IPSEC_SCRIPT command [arguments]"
57         echo
58         echo "Commands:"
59         echo "  start|restart [arguments]"
60         echo "  update|reload|stop"
61         echo "  up|down|route|unroute <connectionname>"
62         echo "  down-srcip <start> [<end>]"
63         echo "  status|statusall [<connectionname>]"
64         echo "  listalgs|listpubkeys|listcerts [--utc]"
65         echo "  listcacerts|listaacerts|listocspcerts [--utc]"
66         echo "  listacerts|listgroups|listcainfos [--utc]"
67         echo "  listcrls|listocsp|listplugins|listall [--utc]"
68         echo "  listcounters|resetcounters [name]"
69         echo "  leases [<poolname> [<address>]]"
70         echo "  rereadsecrets|rereadcacerts|rereadaacerts"
71         echo "  rereadocspcerts|rereadacerts|rereadcrls|rereadall"
72         echo "  purgecerts|purgecrls|purgeike|purgeocsp"
73         echo "  scepclient|pki"
74         echo "  starter|stroke"
75         echo "  version"
76         echo
77         echo "Refer to the $IPSEC_SCRIPT(8) man page for details."
78         echo "Some commands have their own man pages, e.g. pki(1) or scepclient(8)."
79         exit 0
80         ;;
81 --versioncode)
82         echo "$IPSEC_VERSION"
83         exit 0
84         ;;
85 --directory)
86         echo "$IPSEC_DIR"
87         exit 0
88         ;;
89 --confdir)
90         echo "$IPSEC_CONFDIR"
91         exit 0
92         ;;
93 --piddir)
94         echo "$IPSEC_PIDDIR"
95         exit 0
96         ;;
97 copyright|--copyright)
98         set _copyright
99         # and fall through, invoking "ipsec _copyright"
100         ;;
101 down)
102         shift
103         if [ "$#" -ne 1 ]
104         then
105             echo "Usage: $IPSEC_SCRIPT down <connection name>"
106             exit 2
107         fi
108         rc=7
109         if [ -e $IPSEC_CHARON_PID ]
110         then
111                 $IPSEC_STROKE down "$1"
112                 rc="$?"
113         fi
114         exit "$rc"
115         ;;
116 down-srcip)
117         shift
118         if [ "$#" -lt 1 ]
119         then
120             echo "Usage: $IPSEC_SCRIPT down-srcip <start> [<end>]"
121             exit 2
122         fi
123         rc=7
124         if [ -e $IPSEC_CHARON_PID ]
125         then
126                 $IPSEC_STROKE down-srcip $*
127                 rc="$?"
128         fi
129         exit "$rc"
130         ;;
131 listcards|rereadgroups)
132         op="$1"
133         shift
134         if [ -e $IPSEC_CHARON_PID ]
135         then
136                 exit 3
137         else
138                 exit 7
139         fi
140         ;;
141 leases)
142         op="$1"
143         rc=7
144         shift
145         if [ -e $IPSEC_CHARON_PID ]
146         then
147                 case "$#" in
148                 0) $IPSEC_STROKE "$op" ;;
149                 1) $IPSEC_STROKE "$op" "$1" ;;
150                 *) $IPSEC_STROKE "$op" "$1" "$2" ;;
151                 esac
152                 rc="$?"
153         fi
154         exit "$rc"
155         ;;
156 listalgs|listpubkeys|listplugins|\
157 listcerts|listcacerts|listaacerts|\
158 listacerts|listgroups|listocspcerts|\
159 listcainfos|listcrls|listocsp|listall|\
160 rereadsecrets|rereadcacerts|rereadaacerts|\
161 rereadacerts|rereadocspcerts|rereadcrls|\
162 rereadall|purgeocsp|listcounters|resetcounters)
163         op="$1"
164         rc=7
165         shift
166         if [ -e $IPSEC_CHARON_PID ]
167         then
168                 $IPSEC_STROKE "$op" "$@"
169                 rc="$?"
170         fi
171         exit "$rc"
172         ;;
173 purgeike|purgecrls|purgecerts)
174         rc=7
175         if [ -e $IPSEC_CHARON_PID ]
176         then
177                 $IPSEC_STROKE "$1"
178                 rc="$?"
179         fi
180         exit "$rc"
181         ;;
182 reload)
183         rc=7
184         if [ -e $IPSEC_STARTER_PID ]
185         then
186                 echo "Reloading strongSwan IPsec configuration..." >&2
187                 kill -USR1 `cat $IPSEC_STARTER_PID` 2>/dev/null && rc=0
188         else
189                 echo "Reloading strongSwan IPsec failed: starter is not running" >&2
190         fi
191         exit "$rc"
192         ;;
193 restart)
194         $IPSEC_SBINDIR/$IPSEC_SCRIPT stop
195         sleep 2
196         shift
197         exec $IPSEC_SBINDIR/$IPSEC_SCRIPT start "$@"
198         ;;
199 route|unroute)
200         op="$1"
201         rc=7
202         shift
203         if [ "$#" -ne 1 ]
204         then
205                 echo "Usage: $IPSEC_SCRIPT $op <connection name>"
206                 exit 2
207         fi
208         if [ -e $IPSEC_CHARON_PID ]
209         then
210                 $IPSEC_STROKE "$op" "$1"
211                 rc="$?"
212         fi
213         exit "$rc"
214         ;;
215 secrets)
216         rc=7
217         if [ -e $IPSEC_CHARON_PID ]
218         then
219                 $IPSEC_STROKE rereadsecrets
220                 rc="$?"
221         fi
222         exit "$rc"
223         ;;
224 start)
225         shift
226         if [ -d /var/lock/subsys ]; then
227                 touch /var/lock/subsys/ipsec
228         fi
229         exec $IPSEC_STARTER --daemon $DAEMON_NAME "$@"
230         ;;
231 status|statusall)
232         op="$1"
233         # Return value is slightly different for the status command:
234         # 0 - service up and running
235         # 1 - service dead, but /var/run/  pid  file exists
236         # 2 - service dead, but /var/lock/ lock file exists
237         # 3 - service not running (unused)
238         # 4 - service status unknown :-(
239         # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
240         shift
241         if [ $# -eq 0 ]
242         then
243                 if [ -e $IPSEC_CHARON_PID ]
244                 then
245                         $IPSEC_STROKE "$op"
246                 fi
247         else
248                 if [ -e $IPSEC_CHARON_PID ]
249                 then
250                         $IPSEC_STROKE "$op" "$1"
251                 fi
252         fi
253         if [ -e $IPSEC_STARTER_PID ]
254         then
255                 kill -0 `cat $IPSEC_STARTER_PID` 2>/dev/null
256                 exit $?
257         fi
258         exit 3
259         ;;
260 stop)
261         # stopping a not-running service is considered as success
262         if [ -e $IPSEC_STARTER_PID ]
263         then
264                 echo "Stopping strongSwan IPsec..." >&2
265                 spid=`cat $IPSEC_STARTER_PID`
266                 if [ -n "$spid" ]
267                 then
268                         kill $spid 2>/dev/null
269                         loop=11
270                         while [ $loop -gt 0 ] ; do
271                                 kill -0 $spid 2>/dev/null || break
272                                 sleep 1
273                                 loop=$(($loop - 1))
274                         done
275                         if [ $loop -eq 0 ]
276                         then
277                                 kill -KILL $spid 2>/dev/null
278                                 rm -f $IPSEC_STARTER_PID
279                         fi
280                 fi
281         else
282                 echo "Stopping strongSwan IPsec failed: starter is not running" >&2
283         fi
284         if [ -d /var/lock/subsys ]; then
285                 rm -f /var/lock/subsys/ipsec
286         fi
287         exit 0
288         ;;
289 up)
290         shift
291         if [ "$#" -ne 1 ]
292         then
293             echo "Usage: $IPSEC_SCRIPT up <connection name>"
294             exit 2
295         fi
296         rc=7
297         if [ -e $IPSEC_CHARON_PID ]
298         then
299                 $IPSEC_STROKE up "$1"
300                 rc="$?"
301         fi
302         exit "$rc"
303         ;;
304 update)
305         if [ -e $IPSEC_STARTER_PID ]
306         then
307                 echo "Updating strongSwan IPsec configuration..." >&2
308                 kill -HUP `cat $IPSEC_STARTER_PID`
309                 exit 0
310         else
311                 echo "Updating strongSwan IPsec failed: starter is not running" >&2
312                 exit 7
313         fi
314         ;;
315 pki)
316         shift
317         exec $IPSEC_BINDIR/pki "$@"
318         ;;
319 aikgen)
320         shift
321         exec $IPSEC_BINDIR/aikgen "$@"
322         ;;
323 version|--version)
324         printf "$OS_NAME $IPSEC_NAME $IPSEC_VERSION\n"
325         printf "$IPSEC_DISTRO\n"
326         printf "See '$IPSEC_SCRIPT --copyright' for copyright information.\n"
327         exit 0
328         ;;
329 --*)
330         echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
331         exit 2
332         ;;
333 esac
334
335 cmd="$1"
336 shift
337
338 path="$IPSEC_DIR/$cmd"
339
340 if [ ! -x "$path" ]
341 then
342         echo "$0: unknown IPsec command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
343         exit 2
344 fi
345
346 exec $path "$@"