#! @IPSEC_SHELL@
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002  Henry Spencer.
# Copyright (C) 2006 Andreas Steffen
# Copyright (C) 2006 Martin Willi
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.

# Pin PATH to a fixed list of system directories plus the install sbindir.
# The value inherited from the caller is replaced unconditionally, so the
# external helpers used below (uname, cat, sleep, ...) are not resolved
# through the caller's environment.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
export PATH

# Install locations; the @...@ tokens are substituted when this template
# is turned into the installed script.
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"
IPSEC_SCRIPT="@IPSEC_SCRIPT@"

# Product name plus a combined version string: userland version after "U",
# running kernel release after "K".
OS_NAME=$(uname -s)
IPSEC_NAME="@IPSEC_NAME@"
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# PID files of the two daemons this wrapper checks and signals.
IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"

# Helper binaries invoked directly by the sub-commands (not exported).
IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"

# Make the settings available to the helpers that get exec'ed.
export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT \
	IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID

# Printed by "version"; the embedded \n is expanded at print time.
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"

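# Print the PID stored in file $1, provided it is a single decimal number.
# Arguments: $1 - path of the PID file
# Outputs:   the PID on stdout
# Returns:   0 on success; 1 if the file is unreadable, empty or malformed
#
# The value ends up as an argument to kill(1), usually as root.  Only the
# first whitespace-separated field of the first line is used and it must
# consist of digits, so a damaged file can neither add extra arguments nor
# supply a negative number (which kill treats as a process group).
# NOTE(review): a stale PID file can still name an unrelated process that
# reused the number; this check does not detect that.
read_pid()
{
	_pid=
	[ -r "$1" ] && read -r _pid _rest < "$1"
	case "$_pid" in
	''|*[!0-9]*)
		return 1
		;;
	esac
	printf '%s\n' "$_pid"
}

# Dispatch on the sub-command.  Arms that handle the command themselves end
# with exit/exec; only "copyright" falls out of the case so that the generic
# helper lookup after it runs "_copyright".  Exit code 7 is used throughout
# when the relevant daemon's PID file is missing, 2 for usage errors.
case "$1" in
'')
	echo "Usage: $IPSEC_SCRIPT command argument ..."
	echo "Use --help for list of commands, or see $IPSEC_SCRIPT(8) manual "
	echo "page or the $IPSEC_NAME documentation for names of the common "
	echo "ones."
	echo "See <http://www.strongswan.org> for more general info."
	exit 0
	;;
--help)
	echo "Usage: $IPSEC_SCRIPT command argument ..."
	echo "where command is one of:"
	echo "  start|restart  arguments..."
	echo "  update|reload|stop"
	echo "  up|down|route|unroute <connectionname>"
	echo "  status|statusall [<connectionname>]"
	echo "  listalgs|listpubkeys|listcerts [--utc]"
	echo "  listcacerts|listaacerts|listocspcerts [--utc]"
	echo "  listacerts|listgroups|listcainfos [--utc]"
	echo "  listcrls|listocsp|listcards|listplugins|listall [--utc]"
	echo "  listcounters|resetcounters [name]"
	echo "  leases [<poolname> [<address>]]"
	echo "  rereadsecrets|rereadgroups"
	echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
	echo "  rereadacerts|rereadcrls|rereadall"
	echo "  purgeocsp|purgecrls|purgecerts|purgeike"
	echo "  openac"
	echo "  scepclient"
	echo "  secrets"
	echo "  starter"
	echo "  version"
	echo "  stroke"
	echo
	echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
	exit 0
	;;
--versioncode)
	echo "$IPSEC_VERSION"
	exit 0
	;;
--directory)
	echo "$IPSEC_DIR"
	exit 0
	;;
--confdir)
	echo "$IPSEC_CONFDIR"
	exit 0
	;;
copyright|--copyright)
	set -- _copyright
	# and fall through, invoking "ipsec _copyright"
	;;
down)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" down "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
down-srcip)
	shift
	if [ "$#" -lt 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down-srcip <start> [<end>]"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# "$@" instead of $*: each argument reaches stroke exactly as
		# given, without word splitting or glob expansion by the shell
		"$IPSEC_STROKE" down-srcip "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
listcards|rereadgroups)
	# Accepted but not forwarded to stroke: exits 3 when charon's PID
	# file exists, 7 otherwise (presumably the LSB init-script codes
	# for "unimplemented" and "not running" -- confirm).
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		exit 3
	else
		exit 7
	fi
	;;
leases)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# at most two arguments are passed on; any further ones are dropped
		case "$#" in
		0) "$IPSEC_STROKE" "$op" ;;
		1) "$IPSEC_STROKE" "$op" "$1" ;;
		*) "$IPSEC_STROKE" "$op" "$1" "$2" ;;
		esac
		rc="$?"
	fi
	exit "$rc"
	;;
listalgs|listpubkeys|listplugins|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp|listcounters|resetcounters)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
purgeike|purgecrls|purgecerts)
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
reload)
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Reloading strongSwan IPsec configuration..." >&2
		# rc stays 7 unless a valid PID was read and the signal was delivered
		spid=$(read_pid "$IPSEC_STARTER_PID") &&
			kill -USR1 "$spid" 2>/dev/null && rc=0
	else
		echo "Reloading strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
restart)
	"$IPSEC_SBINDIR/$IPSEC_SCRIPT" stop
	sleep 2
	shift
	exec "$IPSEC_SBINDIR/$IPSEC_SCRIPT" start "$@"
	;;
route|unroute)
	op="$1"
	rc=7
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT $op <connection name>"
		exit 2
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
secrets)
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" rereadsecrets
		rc="$?"
	fi
	exit "$rc"
	;;
start)
	shift
	if [ -d /var/lock/subsys ]; then
		touch /var/lock/subsys/ipsec
	fi
	exec "$IPSEC_STARTER" "$@"
	;;
status|statusall)
	op="$1"
	# Return value is slightly different for the status command:
	# 0 - service up and running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running (unused)
	# 4 - service status unknown :-(
	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# stroke's own exit status is not used; the result below
		# depends on the starter process only
		if [ "$#" -eq 0 ]
		then
			"$IPSEC_STROKE" "$op"
		else
			"$IPSEC_STROKE" "$op" "$1"
		fi
	fi
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		# a PID file without a usable PID counts as "dead, pid file exists"
		spid=$(read_pid "$IPSEC_STARTER_PID") || exit 1
		kill -0 "$spid" 2>/dev/null
		exit $?
	fi
	exit 3
	;;
stop)
	# stopping a not-running service is considered as success
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Stopping strongSwan IPsec..." >&2
		# an empty or malformed PID file is skipped, never signalled
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			kill "$spid" 2>/dev/null
			# give starter up to 11 seconds to exit on its own
			loop=11
			while [ "$loop" -gt 0 ] ; do
				kill -0 "$spid" 2>/dev/null || break
				sleep 1
				loop=$(($loop - 1))
			done
			if [ "$loop" -eq 0 ]
			then
				# still alive: force it and clean up the PID
				# file starter could not remove itself
				kill -KILL "$spid" 2>/dev/null
				rm -f "$IPSEC_STARTER_PID"
			fi
		fi
	else
		echo "Stopping strongSwan IPsec failed: starter is not running" >&2
	fi
	if [ -d /var/lock/subsys ]; then
		rm -f /var/lock/subsys/ipsec
	fi
	exit 0
	;;
up)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT up <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" up "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
update)
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Updating strongSwan IPsec configuration..." >&2
		# same convention as "reload": success is reported only when
		# the signal was actually delivered
		spid=$(read_pid "$IPSEC_STARTER_PID") &&
			kill -HUP "$spid" && rc=0
	else
		echo "Updating strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
version|--version)
	# Values are passed as printf arguments, never as the format string,
	# so a '%' or backslash in them (the kernel release comes from uname)
	# is printed literally.  %b keeps expanding the \n stored in
	# IPSEC_DISTRO.
	printf '%s %s %s\n' "$OS_NAME" "$IPSEC_NAME" "$IPSEC_VERSION"
	printf '%b\n' "$IPSEC_DISTRO"
	printf "See '%s --copyright' for copyright information.\n" "$IPSEC_SCRIPT"
	exit 0
	;;
--*)
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 2
	;;
esac
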
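# Anything the case statement did not handle is treated as the name of a
# helper program inside IPSEC_DIR and exec'ed with the remaining arguments.
cmd="$1"
shift

path="$IPSEC_DIR/$cmd"

# The name must be a bare file name.  With a '/' in it, "$IPSEC_DIR/$cmd"
# can resolve outside IPSEC_DIR (for instance through ".."), and this
# wrapper would exec whatever it points at.
case "$cmd" in
''|*/*)
	path=
	;;
esac

# -f keeps directories out ("." and ".." pass a plain -x test as well)
if [ -z "$path" ] || [ ! -f "$path" ] || [ ! -x "$path" ]
then
	echo "$0: unknown IPsec command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
	exit 2
fi

exec "$path" "$@"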