ipsec: Fix stop command on systems where sleep(1) only supports integers
[strongswan.git] / src / ipsec / _ipsec.in
1 #! @IPSEC_SHELL@
2 # prefix command to run stuff from our programs directory
3 # Copyright (C) 1998-2002  Henry Spencer.
4 # Copyright (C) 2006-2014 Andreas Steffen
5 # Copyright (C) 2006 Martin Willi
6 #
7 # This program is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by the
9 # Free Software Foundation; either version 2 of the License, or (at your
10 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
11 #
12 # This program is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
15 # for more details.
16
# Fall back to a minimal search path only when PATH is unset or empty.  A PATH
# inherited from the caller is used unchanged, so external helpers such as
# uname are resolved through whatever the invoking environment supplies.
: "${PATH:=/sbin:/bin:/usr/sbin:/usr/bin}"
export PATH

# daemon to control; an already set, non-empty DAEMON_NAME takes precedence
: "${DAEMON_NAME:=charon}"

# name and version of the ipsec implementation
# (the @...@ tokens are replaced when the script is generated from its template)
OS_NAME=$(uname -s)
IPSEC_NAME="@IPSEC_NAME@"
KERNEL_RELEASE=$(uname -r)
IPSEC_VERSION="U@IPSEC_VERSION@/K${KERNEL_RELEASE}"

# where the private directory and the config files are
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_BINDIR="@IPSEC_BINDIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"
IPSEC_SCRIPT="@IPSEC_SCRIPT@"

# PID files of the starter and of the daemon it supervises
IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.${DAEMON_NAME}.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid"

# helper programs living in the private directory (not exported)
IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"

export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR
export IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME
export IPSEC_STARTER_PID IPSEC_CHARON_PID

# the embedded "\n" is expanded later, when the version text is printed
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
46
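# Print the PID recorded in the starter PID file, but only if the first line
# of that file is a plain, non-zero decimal number.  Anything else (empty
# file, signs, extra words) produces no output and a non-zero status, so the
# file's content is never handed to kill as anything but a single process ID.
# Zero is refused as well because kill interprets it as the caller's process
# group rather than as a process.
_starter_pid() {
	_spid=
	# read fails on a last line without newline but still fills _spid
	read -r _spid < "$IPSEC_STARTER_PID" || [ -n "$_spid" ] || return 1
	case "$_spid" in
	''|*[!0-9]*) return 1 ;;
	esac
	[ "$_spid" -gt 0 ] 2>/dev/null || return 1
	echo "$_spid"
}

# Dispatch on the first argument.  Arms that talk to the daemon via stroke
# exit with 7 when the daemon's PID file does not exist, usage errors exit
# with 2.  Arguments not matched here (and "copyright", which is rewritten to
# "_copyright") leave the case statement and are handled by the code after it.
case "$1" in
'')
	echo "$IPSEC_SCRIPT command [arguments]"
	echo
	echo "Use --help for a list of commands, or refer to the $IPSEC_SCRIPT(8) man page."
	echo "See <http://www.strongswan.org> for more general information."
	exit 0
	;;
--help)
	echo "$IPSEC_SCRIPT command [arguments]"
	echo
	echo "Commands:"
	echo "  start|restart [arguments]"
	echo "  update|reload|stop"
	echo "  up|down|route|unroute <connectionname>"
	echo "  down-srcip <start> [<end>]"
	echo "  status|statusall [<connectionname>]"
	echo "  listalgs|listpubkeys|listcerts [--utc]"
	echo "  listcacerts|listaacerts|listocspcerts [--utc]"
	echo "  listacerts|listgroups|listcainfos [--utc]"
	echo "  listcrls|listocsp|listplugins|listall [--utc]"
	echo "  listcounters|resetcounters [name]"
	echo "  leases [<poolname> [<address>]]"
	echo "  rereadsecrets|rereadcacerts|rereadaacerts"
	echo "  rereadocspcerts|rereadacerts|rereadcrls|rereadall"
	echo "  purgecerts|purgecrls|purgeike|purgeocsp"
	echo "  scepclient|pki"
	echo "  starter|stroke"
	echo "  version"
	echo
	echo "Refer to the $IPSEC_SCRIPT(8) man page for details."
	echo "Some commands have their own man pages, e.g. pki(1) or scepclient(8)."
	exit 0
	;;
--versioncode)
	echo "$IPSEC_VERSION"
	exit 0
	;;
--directory)
	echo "$IPSEC_DIR"
	exit 0
	;;
--confdir)
	echo "$IPSEC_CONFDIR"
	exit 0
	;;
--piddir)
	echo "$IPSEC_PIDDIR"
	exit 0
	;;
copyright|--copyright)
	set _copyright
	# and fall through, invoking "ipsec _copyright"
	;;
down)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" down "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
down-srcip)
	shift
	if [ "$#" -lt 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down-srcip <start> [<end>]"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# "$@" hands every argument over as given; an unquoted $* would
		# be word-split and glob-expanded by the shell first
		"$IPSEC_STROKE" down-srcip "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
leases)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# at most pool name and address are forwarded
		case "$#" in
		0) "$IPSEC_STROKE" "$op" ;;
		1) "$IPSEC_STROKE" "$op" "$1" ;;
		*) "$IPSEC_STROKE" "$op" "$1" "$2" ;;
		esac
		rc="$?"
	fi
	exit "$rc"
	;;
listalgs|listpubkeys|listplugins|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp|listcounters|resetcounters)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
purgeike|purgecrls|purgecerts)
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
reload)
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Reloading strongSwan IPsec configuration..." >&2
		# rc stays 7 if the PID file is unusable or the signal fails
		spid=$(_starter_pid) && kill -USR1 "$spid" 2>/dev/null && rc=0
	else
		echo "Reloading strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
restart)
	"$IPSEC_SBINDIR/$IPSEC_SCRIPT" stop
	sleep 2
	shift
	exec "$IPSEC_SBINDIR/$IPSEC_SCRIPT" start "$@"
	;;
route|unroute)
	op="$1"
	rc=7
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT $op <connection name>"
		exit 2
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
secrets)
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" rereadsecrets
		rc="$?"
	fi
	exit "$rc"
	;;
start)
	shift
	if [ -d /var/lock/subsys ]; then
		touch /var/lock/subsys/ipsec
	fi
	exec "$IPSEC_STARTER" --daemon "$DAEMON_NAME" "$@"
	;;
status|statusall)
	op="$1"
	# Return value is slightly different for the status command:
	# 0 - service up and running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running (unused)
	# 4 - service status unknown :-(
	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# only the first extra argument (a connection name) is forwarded
		if [ "$#" -eq 0 ]
		then
			"$IPSEC_STROKE" "$op"
		else
			"$IPSEC_STROKE" "$op" "$1"
		fi
	fi
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		# a PID file without a usable PID counts as "dead, pid file exists"
		spid=$(_starter_pid) || exit 1
		kill -0 "$spid" 2>/dev/null
		exit $?
	fi
	exit 3
	;;
stop)
	# stopping a not-running service is considered as success
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Stopping strongSwan IPsec..." >&2
		# empty when the PID file does not hold a usable PID
		spid=$(_starter_pid)
		if [ -n "$spid" ]
		then
			kill "$spid" 2>/dev/null
			# budget of 110 ticks of 0.1s each before giving up
			loop=110
			while [ "$loop" -gt 0 ] ; do
				kill -0 "$spid" 2>/dev/null || break
				# a sleep(1) that only supports integers rejects "0.1":
				# wait a whole second instead and charge ten ticks for it
				if ! sleep 0.1 2>/dev/null
				then
					sleep 1
					loop=$(($loop - 9))
				fi
				loop=$(($loop - 1))
			done
			# budget used up: force termination and drop the PID file
			if [ "$loop" -le 0 ]
			then
				kill -KILL "$spid" 2>/dev/null
				rm -f "$IPSEC_STARTER_PID"
			fi
		fi
	else
		echo "Stopping strongSwan IPsec failed: starter is not running" >&2
	fi
	if [ -d /var/lock/subsys ]; then
		rm -f /var/lock/subsys/ipsec
	fi
	exit 0
	;;
up)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT up <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" up "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
update)
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Updating strongSwan IPsec configuration..." >&2
		# NOTE(review): the exit status is 0 even when no signal could be
		# delivered; kept as is because callers may rely on it - confirm
		spid=$(_starter_pid) && kill -HUP "$spid"
		exit 0
	else
		echo "Updating strongSwan IPsec failed: starter is not running" >&2
		exit 7
	fi
	;;
pki)
	shift
	exec "$IPSEC_BINDIR/pki" "$@"
	;;
aikgen)
	shift
	exec "$IPSEC_BINDIR/aikgen" "$@"
	;;
version|--version)
	# values are passed as printf arguments, never as the format string,
	# so a '%' or backslash in them (IPSEC_VERSION embeds uname output) is
	# printed literally; only IPSEC_DISTRO needs its "\n" expanded (%b)
	printf '%s %s %s\n' "$OS_NAME" "$IPSEC_NAME" "$IPSEC_VERSION"
	printf '%b\n' "$IPSEC_DISTRO"
	printf "See '%s --copyright' for copyright information.\n" "$IPSEC_SCRIPT"
	exit 0
	;;
--*)
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 2
	;;
esac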
329
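# Any command not handled by the dispatcher is run as a helper program from
# the private directory, with the remaining arguments passed through.
cmd="$1"
shift

# Helpers are looked up by plain name inside IPSEC_DIR only.  A name that
# contains a slash could make the joined path resolve outside that directory,
# so it is reported as an unknown command instead of being executed.
case "$cmd" in
*/*)
	path=
	;;
*)
	path="$IPSEC_DIR/$cmd"
	;;
esac

# -f keeps directories (which also pass -x) from reaching exec
if [ -z "$path" ] || [ ! -f "$path" ] || [ ! -x "$path" ]
then
	echo "$0: unknown IPsec command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
	exit 2
fi

exec "$path" "$@"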