src/ipsec/_ipsec.in

   1 #! @IPSEC_SHELL@
   2 # prefix command to run stuff from our programs directory
   3 # Copyright (C) 1998-2002  Henry Spencer.
   4 # Copyright (C) 2006 Andreas Steffen
   5 # Copyright (C) 2006 Martin Willi
   6 #
   7 # This program is free software; you can redistribute it and/or modify it
   8 # under the terms of the GNU General Public License as published by the
   9 # Free Software Foundation; either version 2 of the License, or (at your
  10 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  11 #
  12 # This program is distributed in the hope that it will be useful, but
  13 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  14 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  15 # for more details.
  16
  17 # define a minimum PATH environment in case it is not set
  18 PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
  19 export PATH
  20
  21 # name and version of the ipsec implementation
  22 OS_NAME=`uname -s`
  23 IPSEC_NAME="@IPSEC_NAME@"
  24 IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
  25
  26 # where the private directory and the config files are
  27 IPSEC_DIR="@IPSEC_DIR@"
  28 IPSEC_SBINDIR="@IPSEC_SBINDIR@"
  29 IPSEC_CONFDIR="@IPSEC_CONFDIR@"
  30 IPSEC_PIDDIR="@IPSEC_PIDDIR@"
  31 IPSEC_SCRIPT="@IPSEC_SCRIPT@"
  32
  33 IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid"
  34 IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"
  35
  36 IPSEC_STROKE="${IPSEC_DIR}/stroke"
  37 IPSEC_STARTER="${IPSEC_DIR}/starter"
  38
  39 export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
  40
  41 IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
  42
  43 case "$1" in
  44 '')
  45         echo "Usage: $IPSEC_SCRIPT command argument ..."
  46         echo "Use --help for list of commands, or see $IPSEC_SCRIPT(8) manual "
  47         echo "page or the $IPSEC_NAME documentation for names of the common "
  48         echo "ones."
  49         echo "See <http://www.strongswan.org> for more general info."
  50         exit 0
  51         ;;
  52 --help)
  53         echo "Usage: $IPSEC_SCRIPT command argument ..."
  54         echo "where command is one of:"
  55         echo "  start|restart  arguments..."
  56         echo "  update|reload|stop"
  57         echo "  up|down|route|unroute <connectionname>"
  58         echo "  status|statusall [<connectionname>]"
  59         echo "  listalgs|listpubkeys|listcerts [--utc]"
  60         echo "  listcacerts|listaacerts|listocspcerts [--utc]"
  61         echo "  listacerts|listgroups|listcainfos [--utc]"
  62         echo "  listcrls|listocsp|listcards|listplugins|listall [--utc]"
  63         echo "  listcounters|resetcounters [name]"
  64         echo "  leases [<poolname> [<address>]]"
  65         echo "  rereadsecrets|rereadgroups"
  66         echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
  67         echo "  rereadacerts|rereadcrls|rereadall"
  68         echo "  purgeocsp|purgecrls|purgecerts|purgeike"
  69         echo "  openac"
  70         echo "  scepclient"
  71         echo "  secrets"
  72         echo "  starter"
  73         echo "  version"
  74         echo "  stroke"
  75         echo
  76         echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
  77         exit 0
  78         ;;
  79 --versioncode)
  80         echo "$IPSEC_VERSION"
  81         exit 0
  82         ;;
  83 --directory)
  84         echo "$IPSEC_DIR"
  85         exit 0
  86         ;;
  87 --confdir)
  88         echo "$IPSEC_CONFDIR"
  89         exit 0
  90         ;;
  91 copyright|--copyright)
  92         set _copyright
  93         # and fall through, invoking "ipsec _copyright"
  94         ;;
  95 down)
  96         shift
  97         if [ "$#" -ne 1 ]
  98         then
  99             echo "Usage: $IPSEC_SCRIPT down <connection name>"
 100             exit 2
 101         fi
 102         rc=7
 103         if [ -e $IPSEC_CHARON_PID ]
 104         then
 105                 $IPSEC_STROKE down "$1"
 106                 rc="$?"
 107         fi
 108         exit "$rc"
 109         ;;
 110 down-srcip)
 111         shift
 112         if [ "$#" -lt 1 ]
 113         then
 114             echo "Usage: $IPSEC_SCRIPT down-srcip <start> [<end>]"
 115             exit 2
 116         fi
 117         rc=7
 118         if [ -e $IPSEC_CHARON_PID ]
 119         then
 120                 $IPSEC_STROKE down-srcip $*
 121                 rc="$?"
 122         fi
 123         exit "$rc"
 124         ;;
 125 listcards|rereadgroups)
 126         op="$1"
 127         shift
 128         if [ -e $IPSEC_CHARON_PID ]
 129         then
 130                 exit 3
 131         else
 132                 exit 7
 133         fi
 134         ;;
 135 leases)
 136         op="$1"
 137         rc=7
 138         shift
 139         if [ -e $IPSEC_CHARON_PID ]
 140         then
 141                 case "$#" in
 142                 0) $IPSEC_STROKE "$op" ;;
 143                 1) $IPSEC_STROKE "$op" "$1" ;;
 144                 *) $IPSEC_STROKE "$op" "$1" "$2" ;;
 145                 esac
 146                 rc="$?"
 147         fi
 148         exit "$rc"
 149         ;;
 150 listalgs|listpubkeys|listplugins|\
 151 listcerts|listcacerts|listaacerts|\
 152 listacerts|listgroups|listocspcerts|\
 153 listcainfos|listcrls|listocsp|listall|\
 154 rereadsecrets|rereadcacerts|rereadaacerts|\
 155 rereadacerts|rereadocspcerts|rereadcrls|\
 156 rereadall|purgeocsp|listcounters|resetcounters)
 157         op="$1"
 158         rc=7
 159         shift
 160         if [ -e $IPSEC_CHARON_PID ]
 161         then
 162                 $IPSEC_STROKE "$op" "$@"
 163                 rc="$?"
 164         fi
 165         exit "$rc"
 166         ;;
 167 purgeike|purgecrls|purgecerts)
 168         rc=7
 169         if [ -e $IPSEC_CHARON_PID ]
 170         then
 171                 $IPSEC_STROKE "$1"
 172                 rc="$?"
 173         fi
 174         exit "$rc"
 175         ;;
 176 reload)
 177         rc=7
 178         if [ -e $IPSEC_STARTER_PID ]
 179         then
 180                 echo "Reloading strongSwan IPsec configuration..." >&2
 181                 kill -USR1 `cat $IPSEC_STARTER_PID` 2>/dev/null && rc=0
 182         else
 183                 echo "Reloading strongSwan IPsec failed: starter is not running" >&2
 184         fi
 185         exit "$rc"
 186         ;;
 187 restart)
 188         $IPSEC_SBINDIR/$IPSEC_SCRIPT stop
 189         sleep 2
 190         shift
 191         exec $IPSEC_SBINDIR/$IPSEC_SCRIPT start "$@"
 192         ;;
 193 route|unroute)
 194         op="$1"
 195         rc=7
 196         shift
 197         if [ "$#" -ne 1 ]
 198         then
 199                 echo "Usage: $IPSEC_SCRIPT $op <connection name>"
 200                 exit 2
 201         fi
 202         if [ -e $IPSEC_CHARON_PID ]
 203         then
 204                 $IPSEC_STROKE "$op" "$1"
 205                 rc="$?"
 206         fi
 207         exit "$rc"
 208         ;;
 209 secrets)
 210         rc=7
 211         if [ -e $IPSEC_CHARON_PID ]
 212         then
 213                 $IPSEC_STROKE rereadsecrets
 214                 rc="$?"
 215         fi
 216         exit "$rc"
 217         ;;
 218 start)
 219         shift
 220         if [ -d /var/lock/subsys ]; then
 221                 touch /var/lock/subsys/ipsec
 222         fi
 223         exec $IPSEC_STARTER "$@"
 224         ;;
 225 status|statusall)
 226         op="$1"
 227         # Return value is slightly different for the status command:
 228         # 0 - service up and running
 229         # 1 - service dead, but /var/run/  pid  file exists
 230         # 2 - service dead, but /var/lock/ lock file exists
 231         # 3 - service not running (unused)
 232         # 4 - service status unknown :-(
 233         # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
 234         shift
 235         if [ $# -eq 0 ]
 236         then
 237                 if [ -e $IPSEC_CHARON_PID ]
 238                 then
 239                         $IPSEC_STROKE "$op"
 240                 fi
 241         else
 242                 if [ -e $IPSEC_CHARON_PID ]
 243                 then
 244                         $IPSEC_STROKE "$op" "$1"
 245                 fi
 246         fi
 247         if [ -e $IPSEC_STARTER_PID ]
 248         then
 249                 kill -0 `cat $IPSEC_STARTER_PID` 2>/dev/null
 250                 exit $?
 251         fi
 252         exit 3
 253         ;;
 254 stop)
 255         # stopping a not-running service is considered as success
 256         if [ -e $IPSEC_STARTER_PID ]
 257         then
 258                 echo "Stopping strongSwan IPsec..." >&2
 259                 spid=`cat $IPSEC_STARTER_PID`
 260                 if [ -n "$spid" ]
 261                 then
 262                         kill $spid 2>/dev/null
 263                         loop=11
 264                         while [ $loop -gt 0 ] ; do
 265                                 kill -0 $spid 2>/dev/null || break
 266                                 sleep 1
 267                                 loop=$(($loop - 1))
 268                         done
 269                         if [ $loop -eq 0 ]
 270                         then
 271                                 kill -KILL $spid 2>/dev/null
 272                                 rm -f $IPSEC_STARTER_PID
 273                         fi
 274                 fi
 275         else
 276                 echo "Stopping strongSwan IPsec failed: starter is not running" >&2
 277         fi
 278         if [ -d /var/lock/subsys ]; then
 279                 rm -f /var/lock/subsys/ipsec
 280         fi
 281         exit 0
 282         ;;
 283 up)
 284         shift
 285         if [ "$#" -ne 1 ]
 286         then
 287             echo "Usage: $IPSEC_SCRIPT up <connection name>"
 288             exit 2
 289         fi
 290         rc=7
 291         if [ -e $IPSEC_CHARON_PID ]
 292         then
 293                 $IPSEC_STROKE up "$1"
 294                 rc="$?"
 295         fi
 296         exit "$rc"
 297         ;;
 298 update)
 299         if [ -e $IPSEC_STARTER_PID ]
 300         then
 301                 echo "Updating strongSwan IPsec configuration..." >&2
 302                 kill -HUP `cat $IPSEC_STARTER_PID`
 303                 exit 0
 304         else
 305                 echo "Updating strongSwan IPsec failed: starter is not running" >&2
 306                 exit 7
 307         fi
 308         ;;
 309 version|--version)
 310         printf "$OS_NAME $IPSEC_NAME $IPSEC_VERSION\n"
 311         printf "$IPSEC_DISTRO\n"
 312         printf "See '$IPSEC_SCRIPT --copyright' for copyright information.\n"
 313         exit 0
 314         ;;
 315 --*)
 316         echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
 317         exit 2
 318         ;;
 319 esac
 320
 321 cmd="$1"
 322 shift
 323
 324 path="$IPSEC_DIR/$cmd"
 325
 326 if [ ! -x "$path" ]
 327 then
 328     path="$IPSEC_DIR/$cmd"
 329     if [ ! -x "$path" ]
 330     then
 331         echo "$0: unknown IPsec command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
 332         exit 2
 333     fi
 334 fi
 335
 336 exec $path "$@"