aikgen generates AIK private/public key pairs
#! @IPSEC_SHELL@
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002  Henry Spencer.
# Copyright (C) 2006-2014 Andreas Steffen
# Copyright (C) 2006 Martin Willi
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.

# Fixed search path. The assignment is unconditional, so whatever PATH the
# caller had is replaced and helper programs (uname, cat, kill, ...) are
# resolved from these directories only.
export PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@:@IPSEC_BINDIR@"

# Daemon name: taken from the environment when set and non-empty, else
# "charon". It becomes part of the PID file paths built below.
# NOTE(review): the value is not validated here; confirm that callers which
# cross a privilege boundary do not pass DAEMON_NAME through from the
# unprivileged environment.
: "${DAEMON_NAME:=charon}"

# name and version of the ipsec implementation
# (userland version from the build, kernel release from uname)
OS_NAME=$(uname -s)
IPSEC_NAME="@IPSEC_NAME@"
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# install locations substituted at build time
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_BINDIR="@IPSEC_BINDIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"
IPSEC_SCRIPT="@IPSEC_SCRIPT@"

# PID files of the starter and of the daemon itself
IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.${DAEMON_NAME}.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid"

# helper programs in the private directory
IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"

# make the settings visible to the programs this script executes
export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR
export IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME
export IPSEC_STARTER_PID IPSEC_CHARON_PID

# printed by the version command; the \n is expanded by printf there
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"

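# Print the PID recorded in PID file $1 on stdout.
# Succeeds only when the first line of the file is one positive decimal
# number. Anything else (empty file, a negative number, several words) is
# rejected, so that file content is never handed to kill as an option or as
# a process-group / "all processes" target.
read_pid() {
	_pid=
	_rest=
	{ read -r _pid _rest < "$1"; } 2>/dev/null || :
	case "$_pid" in
	''|*[!0-9]*)
		return 1
		;;
	esac
	[ -z "$_rest" ] || return 1
	# rejects 0 and numbers too large for the shell to compare
	[ "$_pid" -gt 0 ] 2>/dev/null || return 1
	printf '%s\n' "$_pid"
}

# Dispatch on the command word. Arms that talk to the daemon through stroke
# start with rc=7 and keep it when the daemon's PID file does not exist.
# Every arm except copyright exits or execs; copyright falls through to the
# generic helper lookup after the case statement.
case "$1" in
'')
	echo "Usage: $IPSEC_SCRIPT command argument ..."
	echo "Use --help for list of commands, or see $IPSEC_SCRIPT(8) manual "
	echo "page or the $IPSEC_NAME documentation for names of the common "
	echo "ones."
	echo "See <http://www.strongswan.org> for more general info."
	exit 0
	;;
--help)
	echo "Usage: $IPSEC_SCRIPT command argument ..."
	echo "where command is one of:"
	echo "  start|restart  arguments..."
	echo "  update|reload|stop"
	echo "  up|down|route|unroute <connectionname>"
	echo "  status|statusall [<connectionname>]"
	echo "  listalgs|listpubkeys|listcerts [--utc]"
	echo "  listcacerts|listaacerts|listocspcerts [--utc]"
	echo "  listacerts|listgroups|listcainfos [--utc]"
	echo "  listcrls|listocsp|listcards|listplugins|listall [--utc]"
	echo "  listcounters|resetcounters [name]"
	echo "  leases [<poolname> [<address>]]"
	echo "  rereadsecrets|rereadgroups"
	echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
	echo "  rereadacerts|rereadcrls|rereadall"
	echo "  purgeocsp|purgecrls|purgecerts|purgeike"
	echo "  scepclient"
	echo "  secrets"
	echo "  starter"
	echo "  version"
	echo "  stroke"
	echo
	echo "Some of these functions have their own manual pages, e.g. scepclient(8)."
	exit 0
	;;
--versioncode)
	echo "$IPSEC_VERSION"
	exit 0
	;;
--directory)
	echo "$IPSEC_DIR"
	exit 0
	;;
--confdir)
	echo "$IPSEC_CONFDIR"
	exit 0
	;;
--piddir)
	echo "$IPSEC_PIDDIR"
	exit 0
	;;
copyright|--copyright)
	set _copyright
	# and fall through, invoking "ipsec _copyright"
	;;
down)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" down "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
down-srcip)
	shift
	if [ "$#" -lt 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down-srcip <start> [<end>]"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# "$@" passes each argument through as given; an unquoted $*
		# would be split on whitespace and expanded as a glob pattern
		"$IPSEC_STROKE" down-srcip "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
listcards|rereadgroups)
	# stroke is not called for these: the arm only reports 3 when the
	# daemon's PID file exists and 7 when it does not
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		exit 3
	else
		exit 7
	fi
	;;
leases)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# at most two arguments are forwarded, further ones are dropped
		case "$#" in
		0) "$IPSEC_STROKE" "$op" ;;
		1) "$IPSEC_STROKE" "$op" "$1" ;;
		*) "$IPSEC_STROKE" "$op" "$1" "$2" ;;
		esac
		rc="$?"
	fi
	exit "$rc"
	;;
listalgs|listpubkeys|listplugins|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp|listcounters|resetcounters)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
purgeike|purgecrls|purgecerts)
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
reload)
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Reloading strongSwan IPsec configuration..." >&2
		# signal the starter only when the PID file holds a usable PID
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			kill -USR1 "$spid" 2>/dev/null && rc=0
		fi
	else
		echo "Reloading strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
restart)
	"$IPSEC_SBINDIR/$IPSEC_SCRIPT" stop
	sleep 2
	shift
	exec "$IPSEC_SBINDIR/$IPSEC_SCRIPT" start "$@"
	;;
route|unroute)
	op="$1"
	rc=7
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT $op <connection name>"
		exit 2
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
secrets)
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" rereadsecrets
		rc="$?"
	fi
	exit "$rc"
	;;
start)
	shift
	if [ -d /var/lock/subsys ]; then
		touch /var/lock/subsys/ipsec
	fi
	# quoted so that a DAEMON_NAME containing whitespace stays one
	# argument instead of adding words to the starter command line
	exec "$IPSEC_STARTER" --daemon "$DAEMON_NAME" "$@"
	;;
status|statusall)
	op="$1"
	# Return value is slightly different for the status command:
	# 0 - service up and running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running (unused)
	# 4 - service status unknown :-(
	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# stroke's own exit status is not used for the result
		if [ "$#" -eq 0 ]
		then
			"$IPSEC_STROKE" "$op"
		else
			"$IPSEC_STROKE" "$op" "$1"
		fi
	fi
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		# a PID file without a usable PID counts as "dead, PID file exists"
		spid=$(read_pid "$IPSEC_STARTER_PID") || exit 1
		kill -0 "$spid" 2>/dev/null
		exit $?
	fi
	exit 3
	;;
stop)
	# stopping a not-running service is considered as success
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Stopping strongSwan IPsec..." >&2
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			kill "$spid" 2>/dev/null
			# poll once per second, up to 11 times, for the starter
			# to disappear
			loop=11
			while [ "$loop" -gt 0 ] ; do
				kill -0 "$spid" 2>/dev/null || break
				sleep 1
				loop=$(($loop - 1))
			done
			if [ "$loop" -eq 0 ]
			then
				# still alive after the wait: force it and remove
				# the PID file it could not clean up itself
				kill -KILL "$spid" 2>/dev/null
				rm -f "$IPSEC_STARTER_PID"
			fi
		fi
	else
		echo "Stopping strongSwan IPsec failed: starter is not running" >&2
	fi
	if [ -d /var/lock/subsys ]; then
		rm -f /var/lock/subsys/ipsec
	fi
	exit 0
	;;
up)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT up <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" up "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
update)
	# reports 0 only when the HUP signal was actually delivered; a stale
	# or unusable PID file yields 7, as in the reload arm
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Updating strongSwan IPsec configuration..." >&2
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			kill -HUP "$spid" && rc=0
		fi
	else
		echo "Updating strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
pki)
	shift
	exec "$IPSEC_BINDIR/pki" "$@"
	;;
aikgen)
	shift
	exec "$IPSEC_BINDIR/aikgen" "$@"
	;;
version|--version)
	# values are passed as printf arguments, never as the format string,
	# so a '%' in one of them is printed literally; %b expands the \n
	# inside IPSEC_DISTRO
	printf '%s %s %s\n' "$OS_NAME" "$IPSEC_NAME" "$IPSEC_VERSION"
	printf '%b\n' "$IPSEC_DISTRO"
	printf "See '%s --copyright' for copyright information.\n" "$IPSEC_SCRIPT"
	exit 0
	;;
--*)
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 2
	;;
esac
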
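# Generic dispatch: any command word not handled by the case statement is
# looked up as a helper program in $IPSEC_DIR and executed with the
# remaining arguments.
cmd="$1"
shift

# The command word is appended to $IPSEC_DIR to form the program path, so it
# has to be a plain file name. A '/' in it (for example a "../" sequence)
# would select a program outside that directory, which matters wherever this
# script is reachable through sudo rules or another privileged wrapper.
case "$cmd" in
*/*)
	path=
	;;
*)
	path="$IPSEC_DIR/$cmd"
	;;
esac

# -f in addition to -x: a directory also passes the -x test
if [ -z "$path" ] || [ ! -f "$path" ] || [ ! -x "$path" ]
then
	echo "$0: unknown IPsec command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
	exit 2
fi

exec "$path" "$@"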