1 #! /bin/sh
2 # prefix command to run stuff from our programs directory
3 # Copyright (C) 1998-2002  Henry Spencer.
4 # Copyright (C) 2006 Andreas Steffen
5
6 # This program is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License as published by the
8 # Free Software Foundation; either version 2 of the License, or (at your
9 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
10
11 # This program is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14 # for more details.
15 #
16 # RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $
17
# Product name used in user-facing messages.
IPSEC_NAME=strongSwan

# Locations of the private program directories and the config files.
# Each variable keeps a value already present in the environment and only
# otherwise takes the path filled in by the build.
# NOTE(review): because the environment wins, whoever controls the caller's
# environment also selects the directories the helper programs are run from.
# Anything that invokes this script with elevated privileges should do so
# with a cleaned environment.
: "${IPSEC_EXECDIR=@IPSEC_EXECDIR@}"
: "${IPSEC_LIBDIR=@IPSEC_LIBDIR@}"
: "${IPSEC_SBINDIR=@IPSEC_SBINDIR@}"
: "${IPSEC_CONFS=@IPSEC_CONFS@}"

# IPSEC_DIR mirrors the library directory.  IPSEC_SBINDIR is not exported.
IPSEC_DIR="$IPSEC_LIBDIR"
export IPSEC_DIR
export IPSEC_CONFS
export IPSEC_LIBDIR
export IPSEC_EXECDIR

# PID files whose existence is used as the "daemon is running" indicator.
IPSEC_STARTER_PID="/var/run/starter.pid"
IPSEC_PLUTO_PID="/var/run/pluto.pid"
IPSEC_CHARON_PID="/var/run/charon.pid"

# Replace PATH with a fixed search list and export it for every child.
# The first entry is IPSEC_SBINDIR, so the caveat above applies to it too.
PATH="$IPSEC_SBINDIR:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
export PATH

# Names that must not appear in the --help command list.
DONTMENTION='^(ipsec|_.*|.*\.old|.*~)$'

# Version string (details filled in by build).  It is inlined here, and only
# here, for performance instead of calling a C program that would invoke
# version_code().
version="xxx"

# Make the version visible to child programs.
IPSEC_VERSION="$version"
export IPSEC_VERSION

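# Rewrite the global $version so that it describes both the userland release
# and the kernel IPsec code in use.
# Globals:   version (read and rewritten), kv and stack (written)
# Outputs:   nothing; the result is left in $version
#
# /proc/net/ipsec_version marks a KLIPS stack and /proc/net/pfkey the native
# one.  When the kernel value differs from the userland version the result is
# "U<userland>/K<kernel>"; the stack label, if any, is appended afterwards.
fixversion() {
        # Start from an empty label.  Without this, the branch that finds
        # no kernel code would append whatever value $stack inherited from
        # the caller's environment.
        stack=""
        if test -f /proc/net/ipsec_version
        then
                stack=" (KLIPS)"
                # last field of the file is taken as the kernel-side version
                kv="$(awk '{print $NF}' /proc/net/ipsec_version)"
        elif test -f /proc/net/pfkey
        then
                stack=" (native)"
                kv="$(uname -r)"
        else
                kv="(no kernel code presently loaded)"
        fi
        # the leading space keeps test from reading a value as an operator
        if test " $kv" != " $version"
        then
                version="U$version/K$kv"
        fi
        version="$version$stack"
}
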
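# Send a signal to the starter daemon recorded in $IPSEC_STARTER_PID.
# Arguments: $1 - signal name passed to kill -s
#            $2 - progress message printed to stderr
# The PID file's existence is the only "is it running" check, so a stale file
# can name a process that is no longer the starter.  The value read from it
# is therefore required to be a plain non-zero number before it reaches kill.
signal_starter() {
        if test -e "$IPSEC_STARTER_PID"
        then
                echo "$2" >&2
                starter_pid=""
                read -r starter_pid < "$IPSEC_STARTER_PID"
                case "$starter_pid" in
                ''|0|*[!0-9]*)
                        echo "$0: no valid PID found in $IPSEC_STARTER_PID" >&2
                        ;;
                *)
                        kill -s "$1" "$starter_pid"
                        ;;
                esac
        else
                echo "ipsec starter is not running" >&2
        fi
}

# Dispatch on the first argument.  Built-in commands are handled here and
# exit; any other name leaves the case statement and is resolved afterwards
# as a helper program.
# Every built-in branch except "start" and the unknown-option branch exits 0
# even when a helper fails or no daemon is running, so callers cannot use the
# exit status to detect failure.
# Paths are quoted because the directory variables can come from the
# environment and must not be word-split or glob-expanded.
case "$1" in
'')
        echo "Usage: ipsec command argument ..."
        echo "Use --help for list of commands, or see ipsec(8) manual page"
        echo "or the $IPSEC_NAME documentation for names of the common ones."
        echo "Most have their own manual pages, e.g. ipsec_auto(8)."
        echo "See <http://www.strongswan.org> for more general info."
        exit 0
        ;;
--help)
        echo "Usage: ipsec command argument ..."
        echo "where command is one of:"
        echo "  start|restart  arguments..."
        echo "  update|reload|stop"
        echo "  up|down|route|unroute <connectionname>"
        echo "  status|statusall [<connectionname>]"
        echo "  ready"
        echo "  listalgs|listpubkeys|listcerts [--utc]"
        echo "  listcacerts|listaacerts|listocspcerts [--utc]"
        echo "  listacerts|listgroups|listcainfos [--utc]"
        echo "  listcrls|listocsp|listcards|listall [--utc]"
        echo "  rereadsecrets|rereadgroups"
        echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
        echo "  rereadacerts|rereadcrls|rereadall"
        echo "  purgeocsp"
        echo "  scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
        echo "  barf"
        echo "  openac"
        echo "  pluto"
        echo "  scepclient"
        echo "  secrets"
        echo "  starter"
        echo "  version"
        echo "  whack"
        echo
        echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
        exit 0
        ;;
--versioncode)
        fixversion
        echo "$version"
        exit 0
        ;;
--copyright)
        set _copyright
        # and fall through, invoking "ipsec _copyright"
        ;;
--directory)
        echo "$IPSEC_DIR"
        exit 0
        ;;
--confdir)
        echo "$IPSEC_CONFS"
        exit 0
        ;;
down)
        shift
        # pluto is driven through whack, charon through stroke
        if test -e "$IPSEC_PLUTO_PID"
        then
                "$IPSEC_EXECDIR/whack" --name "$1" --terminate
        fi
        if test -e "$IPSEC_CHARON_PID"
        then
                "$IPSEC_EXECDIR/stroke" down "$1"
        fi
        exit 0
        ;;
listalgs|listpubkeys|listcerts|listcacerts|\
listaacerts|listocspcerts|listacerts|listgroups|\
listcainfos|listcrls|listocsp|listcards|\
listall|purgeocsp|rereadsecrets|rereadgroups|\
rereadcacerts|rereadaacerts|rereadocspcerts|\
rereadacerts|rereadcrls|rereadall)
        op="$1"
        shift
        if test -e "$IPSEC_PLUTO_PID"
        then
                # remaining arguments (e.g. --utc) go before the operation
                "$IPSEC_EXECDIR/whack" "$@" "--$op"
        fi
        # The matching charon call is disabled:
        #if test -e $IPSEC_CHARON_PID
        #then
        #       $IPSEC_EXECDIR/stroke "$op"
        #fi
        exit 0
        ;;
ready)
        shift
        if test -e "$IPSEC_PLUTO_PID"
        then
                "$IPSEC_EXECDIR/whack" --listen
        fi
        exit 0
        ;;
reload)
        signal_starter USR1 "Reloading strongSwan IPsec configuration..."
        exit 0
        ;;
restart)
        "$IPSEC_SBINDIR/ipsec" stop
        sleep 2
        shift
        "$IPSEC_SBINDIR/ipsec" start "$@"
        exit 0
        ;;
route|unroute)
        op="$1"
        shift
        if test -e "$IPSEC_PLUTO_PID"
        then
                "$IPSEC_EXECDIR/whack" --name "$1" "--$op"
        fi
        exit 0
        ;;
scencrypt|scdecrypt)
        op="$1"
        shift
        if test -e "$IPSEC_PLUTO_PID"
        then
                "$IPSEC_EXECDIR/whack" "--$op" "$@"
        fi
        exit 0
        ;;
secrets)
        if test -e "$IPSEC_PLUTO_PID"
        then
                "$IPSEC_EXECDIR/whack" --rereadsecrets
        fi
        exit 0
        ;;
start)
        shift
        # the starter replaces this shell, so its status is what is returned
        exec "$IPSEC_EXECDIR/starter" "$@"
        ;;
status|statusall)
        op="$1"
        shift
        if test $# -eq 0
        then
                if test -e "$IPSEC_PLUTO_PID"
                then
                        "$IPSEC_EXECDIR/whack" "--$op"
                fi
                if test -e "$IPSEC_CHARON_PID"
                then
                        "$IPSEC_EXECDIR/stroke" "$op"
                fi
        else
                # only the first connection name is used
                if test -e "$IPSEC_PLUTO_PID"
                then
                        "$IPSEC_EXECDIR/whack" --name "$1" "--$op"
                fi
                if test -e "$IPSEC_CHARON_PID"
                then
                        "$IPSEC_EXECDIR/stroke" "$op" "$1"
                fi
        fi
        exit 0
        ;;
stop)
        # TERM is the signal a plain "kill" sends
        signal_starter TERM "Stopping strongSwan IPsec..."
        exit 0
        ;;
up)
        shift
        if test -e "$IPSEC_PLUTO_PID"
        then
                "$IPSEC_EXECDIR/whack" --name "$1" --initiate
        fi
        if test -e "$IPSEC_CHARON_PID"
        then
                "$IPSEC_EXECDIR/stroke" up "$1"
        fi
        exit 0
        ;;
update)
        signal_starter HUP "Updating strongSwan IPsec configuration..."
        exit 0
        ;;
version|--version)
        fixversion
        echo "Linux $IPSEC_NAME $version"
        echo "See \`ipsec --copyright' for copyright information."
        if [ -f "$IPSEC_LIBDIR/distro.txt" ]
        then
                cat "$IPSEC_LIBDIR/distro.txt"
        fi
        exit 0
        ;;
--*)
        echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
        exit 1
        ;;
esac
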
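# Anything not handled as a built-in command is taken as the name of a
# helper program, looked up first in IPSEC_EXECDIR and then in IPSEC_LIBDIR.
cmd="$1"
shift

# The name becomes a path component, so a name containing a slash is refused:
# the lookup must resolve to a file directly inside one of the two program
# directories and nowhere else.
case "$cmd" in
*/*)
        echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
        exit 1
        ;;
esac

path="$IPSEC_EXECDIR/$cmd"

if test ! -x "$path"
then
        path="$IPSEC_LIBDIR/$cmd"
        if test ! -x "$path"
        then
                echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
                exit 1
        fi
fi

# Quoted so that a directory containing whitespace or glob characters is
# passed to exec as a single word.
exec "$path" "$@"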