Redhat/Fedora requires var/lock/subsys/ipsec for runlevel changes
[strongswan.git] / src / ipsec / ipsec.in
1 #! /bin/sh
2 # prefix command to run stuff from our programs directory
3 # Copyright (C) 1998-2002  Henry Spencer.
4 # Copyright (C) 2006 Andreas Steffen
5 # Copyright (C) 2006 Martin Willi 
6
7 # This program is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by the
9 # Free Software Foundation; either version 2 of the License, or (at your
10 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
11
12 # This program is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
15 # for more details.
16 #
17 # RCSID $Id$
18
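# Set PATH unconditionally to a fixed list of system directories plus the
# strongSwan sbin directory.  Whatever PATH the caller exported is discarded,
# so the external commands used below (uname, cat, kill, sleep, touch, rm)
# are only looked up in these directories.
# NOTE(review): the @NAME@ tokens look like build-time placeholders that are
# substituted when this template is turned into the installed script - confirm.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
export PATH

# name and version of the ipsec implementation; the version string combines
# the configured version with the release reported by `uname -r`
IPSEC_NAME="@IPSEC_NAME@"
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# where the private directory and the config files are
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"

# PID files; the command dispatch below tests for their existence to decide
# which daemon a request is forwarded to
IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid"
IPSEC_PLUTO_PID="${IPSEC_PIDDIR}/pluto.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"

# helper programs, always addressed by absolute path inside IPSEC_DIR
# (these three are not exported, they are only used by this script)
IPSEC_WHACK="${IPSEC_DIR}/whack"
IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"

export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID

# printed by "ipsec version"; the \n is expanded when the string is printed
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"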
44
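# Print the PID recorded in the file named by $1.
# Succeeds only when the first line of the file is a plain decimal number
# greater than zero.  Anything else (empty, unreadable, signed, non-numeric)
# returns 1 and prints nothing, so that a damaged PID file can never hand
# kill(1) a value such as 0 or a negative number, which would address a
# process group or every process instead of the starter.
read_pid()
{
	pid_value=
	# a missing trailing newline makes read return non-zero although the
	# value was read, so only the resulting value is checked
	{ read -r pid_value < "$1"; } 2>/dev/null
	case "$pid_value" in
	''|*[!0-9]*)
		return 1
		;;
	esac
	# rejects 0 and numbers too large for the shell to compare
	[ "$pid_value" -gt 0 ] 2>/dev/null || return 1
	echo "$pid_value"
}

# Dispatch on the first argument.  Most commands are forwarded to whack when
# the pluto PID file exists and/or to stroke when the charon PID file exists;
# rc stays 7 when neither file exists.  Where both helpers run, the exit
# status of stroke overwrites the one of whack.  Arms that do not exit fall
# out of the case so that "$1" is executed as a helper from $IPSEC_DIR below.
case "$1" in
'')
	echo "Usage: ipsec command argument ..."
	echo "Use --help for list of commands, or see ipsec(8) manual page"
	echo "or the $IPSEC_NAME documentation for names of the common ones."
	echo "Most have their own manual pages, e.g. ipsec_auto(8)."
	echo "See <http://www.strongswan.org> for more general info."
	exit 0
	;;
--help)
	echo "Usage: ipsec command argument ..."
	echo "where command is one of:"
	echo "  start|restart  arguments..."
	echo "  update|reload|stop"
	echo "  up|down|route|unroute <connectionname>"
	echo "  status|statusall [<connectionname>]"
	echo "  ready"
	echo "  listalgs|listpubkeys|listcerts [--utc]"
	echo "  listcacerts|listaacerts|listocspcerts [--utc]"
	echo "  listacerts|listgroups|listcainfos [--utc]"
	echo "  listcrls|listocsp|listcards|listall [--utc]"
	echo "  rereadsecrets|rereadgroups"
	echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
	echo "  rereadacerts|rereadcrls|rereadall"
	echo "  purgeocsp"
	echo "  scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
	echo "  openac"
	echo "  pluto"
	echo "  scepclient"
	echo "  secrets"
	echo "  starter"
	echo "  version"
	echo "  whack"
	echo "  stroke"
	echo
	echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
	exit 0
	;;
--versioncode)
	echo "$IPSEC_VERSION"
	exit 0
	;;
--directory)
	echo "$IPSEC_DIR"
	exit 0
	;;
--confdir)
	echo "$IPSEC_CONFDIR"
	exit 0
	;;
copyright|--copyright)
	# replace the argument list with the single word _copyright
	set _copyright
	# and fall through, invoking "ipsec _copyright"
	;;
down)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec down <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" --terminate
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" down "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
down-srcip)
	shift
	if [ "$#" -lt 1 ]
	then
		echo "Usage: ipsec down-srcip <start> [<end>]"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# "$@" instead of an unquoted $*: each argument reaches stroke
		# exactly as typed, without word splitting or glob expansion
		"$IPSEC_STROKE" down-srcip "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
listalgs|listpubkeys|listcards|rereadgroups)
	# handled by whack only: 3 if only the charon PID file exists,
	# 7 if neither PID file exists
	op="$1"
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "$@" "--$op"
		exit "$?"
	else
		if [ -e "$IPSEC_CHARON_PID" ]
		then
			exit 3
		else
			exit 7
		fi
	fi
	;;
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "$@" "--$op"
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
ready)
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		# the exit status of whack is not propagated here
		"$IPSEC_WHACK" --listen
		exit 0
	else
		exit 7
	fi
	;;
reload)
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Reloading strongSwan IPsec configuration..." >&2
		# an unusable PID file leaves rc at 7, like a failed kill
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			kill -s USR1 "$spid" 2>/dev/null && rc=0
		fi
	else
		echo "Reloading strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
restart)
	"$IPSEC_SBINDIR/ipsec" stop
	sleep 2
	shift
	exec "$IPSEC_SBINDIR/ipsec" start "$@"
	;;
route|unroute)
	op="$1"
	rc=7
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec $op <connection name>"
		exit 2
	fi
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" "--$op"
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
scencrypt|scdecrypt)
	op="$1"
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "--$op" "$@"
		exit "$?"
	else
		exit 7
	fi
	;;
secrets)
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --rereadsecrets
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" rereadsecrets
		rc="$?"
	fi
	exit "$rc"
	;;
start)
	shift
	# The lock file is created before starter is executed and nothing in
	# this arm removes it again; only "ipsec stop" deletes it.
	if [ -d /var/lock/subsys ]; then
		touch /var/lock/subsys/ipsec
	fi
	exec "$IPSEC_STARTER" "$@"
	;;
status|statusall)
	op="$1"
	# Return value is slightly different for the status command:
	# 0 - service up and running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running (unused)
	# 4 - service status unknown :-(
	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
	shift
	if [ $# -eq 0 ]
	then
		if [ -e "$IPSEC_PLUTO_PID" ]
		then
			"$IPSEC_WHACK" "--$op"
		fi
		if [ -e "$IPSEC_CHARON_PID" ]
		then
			"$IPSEC_STROKE" "$op"
		fi
	else
		if [ -e "$IPSEC_PLUTO_PID" ]
		then
			"$IPSEC_WHACK" --name "$1" "--$op"
		fi
		if [ -e "$IPSEC_CHARON_PID" ]
		then
			"$IPSEC_STROKE" "$op" "$1"
		fi
	fi
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		# a PID file without a usable PID is reported like a dead
		# service whose PID file still exists
		spid=$(read_pid "$IPSEC_STARTER_PID") || exit 1
		kill -0 "$spid" 2>/dev/null
		exit $?
	fi
	exit 3
	;;
stop)
	# stopping a not-running service is considered as success
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Stopping strongSwan IPsec..." >&2
		# Only a validated PID is signalled.  The number itself is
		# still trusted: if the file is stale, the signals go to
		# whatever process currently has that PID.
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			kill "$spid" 2>/dev/null
			# wait up to five seconds for the process to go away
			loop=5
			while [ "$loop" -gt 0 ] ; do
				kill -s 0 "$spid" 2>/dev/null || break
				sleep 1
				loop=$((loop - 1))
			done
			if [ "$loop" -eq 0 ]
			then
				# still alive after the grace period: force it
				# and remove the PID file ourselves
				kill -s KILL "$spid" 2>/dev/null
				rm -f "$IPSEC_STARTER_PID"
			fi
		fi
	else
		echo "Stopping strongSwan IPsec failed: starter is not running" >&2
	fi
	if [ -d /var/lock/subsys ]; then
		rm -f /var/lock/subsys/ipsec
	fi
	exit 0
	;;
up)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec up <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" --initiate
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" up "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
update)
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Updating strongSwan IPsec configuration..." >&2
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			# as before, the result of kill is not reflected
			# in the exit status
			kill -s HUP "$spid"
			exit 0
		fi
		echo "Updating strongSwan IPsec failed: invalid pid file $IPSEC_STARTER_PID" >&2
		exit 7
	else
		echo "Updating strongSwan IPsec failed: starter is not running" >&2
		exit 7
	fi
	;;
version|--version)
	# values are passed as arguments, never as the format string, so a
	# "%" or backslash in the name or kernel release is printed literally
	printf 'Linux %s %s\n' "$IPSEC_NAME" "$IPSEC_VERSION"
	# %b expands the \n that IPSEC_DISTRO carries as a line separator
	printf '%b\n' "$IPSEC_DISTRO"
	printf "See 'ipsec --copyright' for copyright information.\n"
	exit 0
	;;
--*)
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 2
	;;
esac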
359
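# Anything the case statement above did not handle is treated as the name of
# a helper program in $IPSEC_DIR and executed with the remaining arguments.
cmd="$1"
shift

# The command name comes from the caller and is appended to $IPSEC_DIR, so a
# name containing "/" (for instance with ".." components) would resolve to a
# file outside that directory.  Only plain file names are accepted; this
# matters most where the script is run with more privileges than its caller.
case "$cmd" in
*/*)
	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
	exit 2
	;;
esac

path="$IPSEC_DIR/$cmd"

# -x alone is also true for a searchable directory, hence the -f test
if [ ! -f "$path" ] || [ ! -x "$path" ]
then
	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
	exit 2
fi

exec "$path" "$@"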