implementation of strictcrlpolicy=ifuri
#! /bin/sh
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002  Henry Spencer.
# Copyright (C) 2006 Andreas Steffen
# Copyright (C) 2006 Martin Willi

# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.

# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $

# Name and version of this IPsec implementation.  The @...@ tokens are
# placeholders (presumably substituted when the script is generated); the
# version string also embeds the output of "uname -r".
IPSEC_NAME="@IPSEC_NAME@"
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# Locations of the private program directory, the sbin directory, the
# configuration files and the PID files.
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"

# PID files; the dispatcher below only tests them for existence, except for
# the starter's, whose content is also read.
IPSEC_STARTER_PID="$IPSEC_PIDDIR/starter.pid"
IPSEC_PLUTO_PID="$IPSEC_PIDDIR/pluto.pid"
IPSEC_CHARON_PID="$IPSEC_PIDDIR/charon.pid"

# Helper programs living in the private directory (not exported).
IPSEC_WHACK="$IPSEC_DIR/whack"
IPSEC_STROKE="$IPSEC_DIR/stroke"
IPSEC_STARTER="$IPSEC_DIR/starter"

# Make the settings visible to every program this wrapper runs.
export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR
export IPSEC_VERSION IPSEC_NAME
export IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID

# Two-line distributor notice printed by "ipsec version".
IPSEC_DISTRO="Institute for Internet Technologies and Applications\n
              University of Applied Sciences Rapperswil, Switzerland"

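# Print the PID recorded in the starter PID file.  Returns non-zero unless
# the file holds exactly one positive decimal number: the value is handed to
# kill(1), where 0 or a negative number would address a process group or
# every process the caller may signal rather than the starter alone.
starter_pid() {
    _pid=`cat "$IPSEC_STARTER_PID" 2>/dev/null` || return 1
    case "$_pid" in
    ''|0*|*[!0-9]*)
        return 1
        ;;
    esac
    echo "$_pid"
}

# Send signal $1 to the starter after printing the notice $2 on stderr.
# Only diagnostics are produced when the PID file is missing or unusable;
# the caller exits 0 either way, as this script always has.
signal_starter() {
    if test -e "$IPSEC_STARTER_PID"
    then
        echo "$2" >&2
        if _target=`starter_pid`
        then
            kill -s "$1" "$_target"
        else
            echo "$0: no valid PID in $IPSEC_STARTER_PID" >&2
        fi
    else
        echo "ipsec starter is not running" >&2
    fi
}

# Dispatch on the first argument.  Commands handled here are forwarded to
# whack when the pluto PID file exists and/or to stroke when the charon PID
# file exists; anything that does not match falls out of the case and is
# looked up as a program in IPSEC_DIR further down.
case "$1" in
'')
    echo "Usage: ipsec command argument ..."
    echo "Use --help for list of commands, or see ipsec(8) manual page"
    echo "or the $IPSEC_NAME documentation for names of the common ones."
    echo "Most have their own manual pages, e.g. ipsec_auto(8)."
    echo "See <http://www.strongswan.org> for more general info."
    exit 0
    ;;
--help)
    echo "Usage: ipsec command argument ..."
    echo "where command is one of:"
    echo "  start|restart  arguments..."
    echo "  update|reload|stop"
    echo "  up|down|route|unroute <connectionname>"
    echo "  status|statusall [<connectionname>]"
    echo "  ready"
    echo "  listalgs|listpubkeys|listcerts [--utc]"
    echo "  listcacerts|listaacerts|listocspcerts [--utc]"
    echo "  listacerts|listgroups|listcainfos [--utc]"
    echo "  listcrls|listocsp|listcards|listall [--utc]"
    echo "  rereadsecrets|rereadgroups"
    echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
    echo "  rereadacerts|rereadcrls|rereadall"
    echo "  purgeocsp"
    echo "  scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
    echo "  barf"
    echo "  openac"
    echo "  pluto"
    echo "  scepclient"
    echo "  secrets"
    echo "  starter"
    echo "  version"
    echo "  whack"
    # was misspelled "stoke"; the helper this script runs is named stroke
    echo "  stroke"
    echo
    echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
    exit 0
    ;;
--versioncode)
    echo "$IPSEC_VERSION"
    exit 0
    ;;
--copyright)
    set _copyright
    # and fall through, invoking "ipsec _copyright"
    ;;
--directory)
    echo "$IPSEC_DIR"
    exit 0
    ;;
--confdir)
    echo "$IPSEC_CONFDIR"
    exit 0
    ;;
down)
    shift
    if [ "$#" -ne 1 ]
    then
        echo "Usage: ipsec down <connection name>"
        exit 1
    fi
    if test -e "$IPSEC_PLUTO_PID"
    then
        "$IPSEC_WHACK" --name "$1" --terminate
    fi
    if test -e "$IPSEC_CHARON_PID"
    then
        "$IPSEC_STROKE" down "$1"
    fi
    exit 0
    ;;
listalgs|listpubkeys|listcards|\
rereadsecrets|rereadgroups)
    # forwarded to whack only; caller-supplied options precede the operation
    op="$1"
    shift
    if test -e "$IPSEC_PLUTO_PID"
    then
        "$IPSEC_WHACK" "$@" "--$op"
    fi
    exit 0
    ;;
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadcacerts|rereadaacerts|rereadacerts|\
rereadocspcerts|rereadcrls|\
rereadall|purgeocsp)
    # The second pattern line used to read "listacerts\listgroups\listocspcerts",
    # which the shell treats as one long literal, so those three commands never
    # matched this arm and ended up rejected as unknown.  The "|" separators
    # are restored here (assumes all three were meant for this arm, as the
    # --help listing suggests).
    op="$1"
    shift
    if test -e "$IPSEC_PLUTO_PID"
    then
        "$IPSEC_WHACK" "$@" "--$op"
    fi
    if test -e "$IPSEC_CHARON_PID"
    then
        "$IPSEC_STROKE" "$op" "$@"
    fi
    exit 0
    ;;
ready)
    shift
    if test -e "$IPSEC_PLUTO_PID"
    then
        "$IPSEC_WHACK" --listen
    fi
    exit 0
    ;;
reload)
    signal_starter USR1 "Reloading strongSwan IPsec configuration..."
    exit 0
    ;;
restart)
    "$IPSEC_SBINDIR/ipsec" stop
    # fixed pause between stop and start, as before
    sleep 2
    shift
    "$IPSEC_SBINDIR/ipsec" start "$@"
    exit 0
    ;;
route|unroute)
    op="$1"
    shift
    if [ "$#" -ne 1 ]
    then
        echo "Usage: ipsec $op <connection name>"
        exit 1
    fi
    if test -e "$IPSEC_PLUTO_PID"
    then
        "$IPSEC_WHACK" --name "$1" "--$op"
    fi
    if test -e "$IPSEC_CHARON_PID"
    then
        "$IPSEC_STROKE" "$op" "$1"
    fi
    exit 0
    ;;
scencrypt|scdecrypt)
    op="$1"
    shift
    if test -e "$IPSEC_PLUTO_PID"
    then
        "$IPSEC_WHACK" "--$op" "$@"
    fi
    exit 0
    ;;
secrets)
    if test -e "$IPSEC_PLUTO_PID"
    then
        "$IPSEC_WHACK" --rereadsecrets
    fi
    exit 0
    ;;
start)
    shift
    exec "$IPSEC_STARTER" "$@"
    ;;
status|statusall)
    op="$1"
    shift
    if test $# -eq 0
    then
        # no connection name: report on everything
        if test -e "$IPSEC_PLUTO_PID"
        then
            "$IPSEC_WHACK" "--$op"
        fi
        if test -e "$IPSEC_CHARON_PID"
        then
            "$IPSEC_STROKE" "$op"
        fi
    else
        # only the first remaining argument is used as the connection name
        if test -e "$IPSEC_PLUTO_PID"
        then
            "$IPSEC_WHACK" --name "$1" "--$op"
        fi
        if test -e "$IPSEC_CHARON_PID"
        then
            "$IPSEC_STROKE" "$op" "$1"
        fi
    fi
    exit 0
    ;;
stop)
    # TERM is the signal a bare "kill <pid>" sends
    signal_starter TERM "Stopping strongSwan IPsec..."
    exit 0
    ;;
up)
    shift
    if [ "$#" -ne 1 ]
    then
        echo "Usage: ipsec up <connection name>"
        exit 1
    fi
    if test -e "$IPSEC_PLUTO_PID"
    then
        "$IPSEC_WHACK" --name "$1" --initiate
    fi
    if test -e "$IPSEC_CHARON_PID"
    then
        "$IPSEC_STROKE" up "$1"
    fi
    exit 0
    ;;
update)
    signal_starter HUP "Updating strongSwan IPsec configuration..."
    exit 0
    ;;
version|--version)
    echo "Linux $IPSEC_NAME $IPSEC_VERSION"
    echo "See \`ipsec --copyright' for copyright information."
    # Deliberately unquoted: word splitting folds the line break and the
    # indentation stored in IPSEC_DISTRO; how the embedded \n is rendered
    # depends on the shell's echo.
    echo $IPSEC_DISTRO
    exit 0
    ;;
--*)
    echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
    exit 1
    ;;
esac
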
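# Anything the case statement did not handle is treated as the name of a
# program in IPSEC_DIR and run with the remaining arguments.
cmd="$1"
shift

# The name is joined onto IPSEC_DIR and executed, so it has to be a plain
# file name.  A "/" in it (for instance through "..") would resolve to a
# program outside the private directory, which matters wherever this wrapper
# is the only thing a caller is allowed to run (e.g. a restricted sudo rule).
case "$cmd" in
*/*)
    echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
    exit 1
    ;;
esac

path="$IPSEC_DIR/$cmd"

# -f is checked as well as -x because directories ("." and "..") also pass
# -x.  The earlier second lookup repeated the very same path and could never
# succeed where the first had failed, so it is dropped.
if test ! -f "$path" || test ! -x "$path"
then
    echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
    exit 1
fi

# quoted so a directory name containing whitespace is not split
exec "$path" "$@"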