Migrated ike_mobike task to INIT/METHOD macros.
[strongswan.git] / src / ipsec / ipsec.in
1 #! /bin/sh
2 # prefix command to run stuff from our programs directory
3 # Copyright (C) 1998-2002  Henry Spencer.
4 # Copyright (C) 2006 Andreas Steffen
5 # Copyright (C) 2006 Martin Willi
6 #
7 # This program is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by the
9 # Free Software Foundation; either version 2 of the License, or (at your
10 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
11 #
12 # This program is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
15 # for more details.
16
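# Replace whatever PATH the caller supplied with a fixed minimal one.  The
# assignment is unconditional, so a PATH inherited from the invoking
# environment never decides which cat, kill, uname, ... this script runs.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
export PATH

# name and version of the ipsec implementation
# (the @...@ tokens are placeholders; presumably they are filled in when the
# final ipsec script is generated from this ipsec.in template)
IPSEC_NAME="@IPSEC_NAME@"
# "U<userland version>/K<running kernel release>"
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# where the private directory and the config files are
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"

# PID files; the dispatcher below tests for their existence to decide which
# daemon (starter, pluto, charon) a command is forwarded to
IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid"
IPSEC_PLUTO_PID="${IPSEC_PIDDIR}/pluto.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"

# helper programs, always addressed by absolute path inside IPSEC_DIR
IPSEC_WHACK="${IPSEC_DIR}/whack"
IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"

export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID

# The "\n" is stored as two literal characters (backslash, n); it only becomes
# a line break when the version command prints this string through printf.
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"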
42
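# Print the PID stored in file $1, but only if the file holds exactly one
# positive decimal number.  Returns non-zero and prints nothing otherwise.
# The value is handed to kill(1), normally as root: an empty file would turn
# the call into a usage error, and a value such as "0" or "-1" would address
# a whole process group or every process instead of starter.
# NOTE(review): a well-formed but stale PID can still name an unrelated
# process after PID reuse; this check cannot detect that.
_ipsec_read_pid()
{
	_ipsec_pid=$(cat "$1" 2>/dev/null) || return 1
	case "$_ipsec_pid" in
	''|*[!0-9]*)
		return 1
		;;
	esac
	[ "$_ipsec_pid" -gt 0 ] 2>/dev/null || return 1
	echo "$_ipsec_pid"
}

# Command dispatcher.  Each arm either exits itself or (copyright only) falls
# through to the generic "run a helper from IPSEC_DIR" code after esac.
# Conventions used by most arms:
#   - a daemon counts as running when its PID file exists
#   - rc starts at 7 and is overwritten by the status of each helper that is
#     actually called, so with both pluto and charon running the stroke
#     (charon) status wins
#   - exit 2 is used for usage errors
# All expansions of paths and user-supplied arguments are quoted so that a
# value containing whitespace or glob characters is passed on unchanged.
case "$1" in
'')
	echo "Usage: ipsec command argument ..."
	echo "Use --help for list of commands, or see ipsec(8) manual page"
	echo "or the $IPSEC_NAME documentation for names of the common ones."
	echo "Most have their own manual pages, e.g. ipsec_auto(8)."
	echo "See <http://www.strongswan.org> for more general info."
	exit 0
	;;
--help)
	echo "Usage: ipsec command argument ..."
	echo "where command is one of:"
	echo "  start|restart  arguments..."
	echo "  update|reload|stop"
	echo "  up|down|route|unroute <connectionname>"
	echo "  status|statusall [<connectionname>]"
	echo "  ready"
	echo "  listalgs|listpubkeys|listcerts [--utc]"
	echo "  listcacerts|listaacerts|listocspcerts [--utc]"
	echo "  listacerts|listgroups|listcainfos [--utc]"
	echo "  listcrls|listocsp|listcards|listall [--utc]"
	echo "  leases [<poolname> [<address>]]"
	echo "  rereadsecrets|rereadgroups"
	echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
	echo "  rereadacerts|rereadcrls|rereadall"
	echo "  purgeocsp|purgeike"
	echo "  scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
	echo "  openac"
	echo "  pluto"
	echo "  scepclient"
	echo "  secrets"
	echo "  starter"
	echo "  version"
	echo "  whack"
	echo "  stroke"
	echo
	echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
	exit 0
	;;
--versioncode)
	echo "$IPSEC_VERSION"
	exit 0
	;;
--directory)
	echo "$IPSEC_DIR"
	exit 0
	;;
--confdir)
	echo "$IPSEC_CONFDIR"
	exit 0
	;;
copyright|--copyright)
	# replace the positional parameters by the single word "_copyright"
	set _copyright
	# and fall through, invoking "ipsec _copyright"
	;;
down)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec down <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" --terminate
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" down "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
down-srcip)
	shift
	if [ "$#" -lt 1 ]
	then
		echo "Usage: ipsec down-srcip <start> [<end>]"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# "$@" instead of an unquoted $*: the caller's arguments reach
		# stroke one-to-one, without a second round of word splitting
		# and pathname expansion in this shell
		"$IPSEC_STROKE" down-srcip "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
listcards|rereadgroups)
	op="$1"
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "$@" "--$op"
	fi
	# NOTE(review): the exit status does not depend on whack's result;
	# it is 3 when charon's PID file exists and 7 otherwise.
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		exit 3
	else
		exit 7
	fi
	;;
leases)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		case "$#" in
		0) "$IPSEC_WHACK" "--$op" ;;
		1) "$IPSEC_WHACK" "--$op" --name "$1" ;;
		*) "$IPSEC_WHACK" "--$op" --name "$1" --lease-addr "$2" ;;
		esac
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		case "$#" in
		0) "$IPSEC_STROKE" "$op" ;;
		1) "$IPSEC_STROKE" "$op" "$1" ;;
		*) "$IPSEC_STROKE" "$op" "$1" "$2" ;;
		esac
		rc="$?"
	fi
	exit "$rc"
	;;
listalgs|listpubkeys|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "$@" "--$op"
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
purgeike)
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" purgeike
		rc="$?"
	fi
	exit "$rc"
	;;
ready)
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		# whack's own status is not propagated here
		"$IPSEC_WHACK" --listen
		exit 0
	else
		exit 7
	fi
	;;
reload)
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Reloading strongSwan IPsec configuration..." >&2
		# signal starter only when the PID file holds a usable PID;
		# otherwise rc stays 7, as it does when kill itself fails
		if spid=$(_ipsec_read_pid "$IPSEC_STARTER_PID")
		then
			kill -USR1 "$spid" 2>/dev/null && rc=0
		fi
	else
		echo "Reloading strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
restart)
	"$IPSEC_SBINDIR/ipsec" stop
	sleep 2
	shift
	exec "$IPSEC_SBINDIR/ipsec" start "$@"
	;;
route|unroute)
	op="$1"
	rc=7
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec $op <connection name>"
		exit 2
	fi
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" "--$op"
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
scencrypt|scdecrypt)
	op="$1"
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "--$op" "$@"
		exit "$?"
	else
		exit 7
	fi
	;;
secrets)
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --rereadsecrets
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" rereadsecrets
		rc="$?"
	fi
	exit "$rc"
	;;
start)
	shift
	if [ -d /var/lock/subsys ]; then
		touch /var/lock/subsys/ipsec
	fi
	exec "$IPSEC_STARTER" "$@"
	;;
status|statusall)
	op="$1"
	# Return value is slightly different for the status command:
	# 0 - service up and running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running (unused)
	# 4 - service status unknown :-(
	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
	shift
	if [ $# -eq 0 ]
	then
		if [ -e "$IPSEC_PLUTO_PID" ]
		then
			"$IPSEC_WHACK" "--$op"
		fi
		if [ -e "$IPSEC_CHARON_PID" ]
		then
			"$IPSEC_STROKE" "$op"
		fi
	else
		if [ -e "$IPSEC_PLUTO_PID" ]
		then
			"$IPSEC_WHACK" --name "$1" "--$op"
		fi
		if [ -e "$IPSEC_CHARON_PID" ]
		then
			"$IPSEC_STROKE" "$op" "$1"
		fi
	fi
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		# a PID file without a usable PID is reported like a dead
		# service whose PID file still exists (status 1)
		spid=$(_ipsec_read_pid "$IPSEC_STARTER_PID") || exit 1
		# kill -0 delivers no signal, it only probes the process
		kill -0 "$spid" 2>/dev/null
		exit $?
	fi
	exit 3
	;;
stop)
	# stopping a not-running service is considered as success
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Stopping strongSwan IPsec..." >&2
		if spid=$(_ipsec_read_pid "$IPSEC_STARTER_PID")
		then
			# polite termination first, then poll once per second
			# for up to five seconds
			kill "$spid" 2>/dev/null
			loop=5
			while [ "$loop" -gt 0 ] ; do
				kill -0 "$spid" 2>/dev/null || break
				sleep 1
				loop=$(($loop - 1))
			done
			# still alive after the grace period: force it and
			# remove the PID file on starter's behalf
			if [ "$loop" -eq 0 ]
			then
				kill -KILL "$spid" 2>/dev/null
				rm -f "$IPSEC_STARTER_PID"
			fi
		fi
	else
		echo "Stopping strongSwan IPsec failed: starter is not running" >&2
	fi
	if [ -d /var/lock/subsys ]; then
		rm -f /var/lock/subsys/ipsec
	fi
	exit 0
	;;
up)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec up <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" --initiate
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" up "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
update)
	# A PID file that holds no usable PID is handled like a missing one:
	# nothing can be signalled, so report failure instead of success.
	if [ -e "$IPSEC_STARTER_PID" ] && spid=$(_ipsec_read_pid "$IPSEC_STARTER_PID")
	then
		echo "Updating strongSwan IPsec configuration..." >&2
		kill -HUP "$spid"
		exit 0
	else
		echo "Updating strongSwan IPsec failed: starter is not running" >&2
		exit 7
	fi
	;;
version|--version)
	# Variables are passed as printf arguments, never as the format, so
	# a '%' in any of them is printed literally.  %b keeps expanding the
	# literal "\n" that IPSEC_DISTRO carries between its two lines.
	printf 'Linux %s %s\n' "$IPSEC_NAME" "$IPSEC_VERSION"
	printf '%b\n' "$IPSEC_DISTRO"
	printf "See 'ipsec --copyright' for copyright information.\n"
	exit 0
	;;
--*)
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 2
	;;
esac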
391
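# Generic dispatch: any command not handled above is looked up as a helper
# program inside IPSEC_DIR and replaces this shell via exec.
cmd="$1"
shift

# Only plain helper names are accepted.  A name containing '/' would make
# "$IPSEC_DIR/$cmd" resolve outside the programs directory, which matters
# wherever the right to run "ipsec" is delegated (e.g. through sudo) on the
# assumption that it can only start strongSwan's own helpers.
case "$cmd" in
*/*)
	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
	exit 2
	;;
esac

path="$IPSEC_DIR/$cmd"

# -f in addition to -x: a directory also passes -x (search permission) but
# cannot be executed.  The original repeated the same lookup twice with an
# identical path; one check is equivalent.
if [ ! -f "$path" ] || [ ! -x "$path" ]
then
	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
	exit 2
fi

# quoted so that an IPSEC_DIR containing whitespace still names one program
exec "$path" "$@"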