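#! /bin/sh
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002  Henry Spencer.
# Copyright (C) 2006 Andreas Steffen
# Copyright (C) 2006 Martin Willi

# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.

# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id$

# Usage: ipsec command argument ...
#
# Front end for the IPsec daemons.  Built-in commands are forwarded to
# whack when the pluto PID file exists and to stroke when the charon PID
# file exists; starter is controlled with signals sent to the PID recorded
# in its PID file.  Any other command name is executed from IPSEC_DIR.
#
# Exit status used by the built-in commands:
#   0  success
#   2  usage error, unknown option or unknown command
#   3  "status": no starter PID file; pluto-only command while only the
#      charon PID file exists
#   7  the daemon (or starter) needed by the command has no PID file
# Otherwise the status of the last whack/stroke/kill call is passed on.
#
# The @...@ tokens are placeholders, presumably filled in when this file
# is generated from ipsec.in.

# name and version of the ipsec implementation
IPSEC_NAME="@IPSEC_NAME@"
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# where the private directory and the config files are
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"

IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid"
IPSEC_PLUTO_PID="${IPSEC_PIDDIR}/pluto.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"

IPSEC_WHACK="${IPSEC_DIR}/whack"
IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"

export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID

IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"

# Print the PID recorded in the starter PID file.
# Outputs:  the PID on stdout
# Returns:  0 if the first line of the file is a decimal number without a
#           leading zero, 1 otherwise (nothing is printed)
# The value ends up as an argument to kill, so it is checked first: an
# empty value, "0" or a value starting with "-" would make kill signal
# something other than a single process.  A well-formed but stale PID can
# still name an unrelated process; this script has no way to verify that
# the PID belongs to starter.
starter_pid()
{
        _spid=""
        if [ -r "$IPSEC_STARTER_PID" ]
        then
                read -r _spid < "$IPSEC_STARTER_PID"
        fi
        case "$_spid" in
        ''|0*|*[!0-9]*)
                return 1
                ;;
        esac
        echo "$_spid"
}

case "$1" in
'')
        echo "Usage: ipsec command argument ..."
        echo "Use --help for list of commands, or see ipsec(8) manual page"
        echo "or the $IPSEC_NAME documentation for names of the common ones."
        echo "Most have their own manual pages, e.g. ipsec_auto(8)."
        echo "See <http://www.strongswan.org> for more general info."
        exit 0
        ;;
--help)
        echo "Usage: ipsec command argument ..."
        echo "where command is one of:"
        echo "  start|restart  arguments..."
        echo "  update|reload|stop"
        echo "  up|down|route|unroute <connectionname>"
        echo "  status|statusall [<connectionname>]"
        echo "  ready"
        echo "  listalgs|listpubkeys|listcerts [--utc]"
        echo "  listcacerts|listaacerts|listocspcerts [--utc]"
        echo "  listacerts|listgroups|listcainfos [--utc]"
        echo "  listcrls|listocsp|listcards|listall [--utc]"
        echo "  rereadsecrets|rereadgroups"
        echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
        echo "  rereadacerts|rereadcrls|rereadall"
        echo "  purgeocsp"
        echo "  scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
        echo "  openac"
        echo "  pluto"
        echo "  scepclient"
        echo "  secrets"
        echo "  starter"
        echo "  version"
        echo "  whack"
        echo "  stroke"
        echo
        echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
        exit 0
        ;;
--versioncode)
        echo "$IPSEC_VERSION"
        exit 0
        ;;
--directory)
        echo "$IPSEC_DIR"
        exit 0
        ;;
--confdir)
        echo "$IPSEC_CONFDIR"
        exit 0
        ;;
copyright|--copyright)
        set _copyright
        # and fall through, invoking "ipsec _copyright"
        ;;
down)
        shift
        if [ "$#" -ne 1 ]
        then
                echo "Usage: ipsec down <connection name>"
                exit 2
        fi
        # When both daemons are running, the status reported is charon's
        # (stroke), because it is assigned last.
        rc=7
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" --name "$1" --terminate
                rc="$?"
        fi
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" down "$1"
                rc="$?"
        fi
        exit "$rc"
        ;;
listalgs|listpubkeys|listcards|rereadgroups)
        # These are only forwarded to whack (pluto).
        op="$1"
        shift
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" "$@" "--$op"
                exit "$?"
        else
                if [ -e "$IPSEC_CHARON_PID" ]
                then
                        # charon is up but has no counterpart for this command
                        exit 3
                else
                        exit 7
                fi
        fi
        ;;
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp)
        op="$1"
        rc=7
        shift
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" "$@" "--$op"
                rc="$?"
        fi
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" "$op" "$@"
                rc="$?"
        fi
        exit "$rc"
        ;;
ready)
        shift
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                # the status of whack is not propagated here
                "$IPSEC_WHACK" --listen
                exit 0
        else
                exit 7
        fi
        ;;
reload)
        rc=7
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                echo "Reloading strongSwan IPsec configuration..." >&2
                # rc stays 7 if the PID file is unusable or the signal fails
                spid=$(starter_pid) && kill -s USR1 "$spid" 2>/dev/null && rc=0
        else
                echo "ipsec starter is not running" >&2
        fi
        exit "$rc"
        ;;
restart)
        "$IPSEC_SBINDIR/ipsec" stop
        sleep 2
        shift
        exec "$IPSEC_SBINDIR/ipsec" start "$@"
        ;;
route|unroute)
        op="$1"
        rc=7
        shift
        if [ "$#" -ne 1 ]
        then
                echo "Usage: ipsec $op <connection name>"
                exit 2
        fi
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" --name "$1" "--$op"
                rc="$?"
        fi
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" "$op" "$1"
                rc="$?"
        fi
        exit "$rc"
        ;;
scencrypt|scdecrypt)
        # only forwarded to whack (pluto)
        op="$1"
        shift
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" "--$op" "$@"
                exit "$?"
        else
                exit 7
        fi
        ;;
secrets)
        rc=7
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" --rereadsecrets
                rc="$?"
        fi
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" rereadsecrets
                rc="$?"
        fi
        exit "$rc"
        ;;
start)
        shift
        exec "$IPSEC_STARTER" "$@"
        ;;
status|statusall)
        op="$1"
        # Return value is slightly different for the status command:
        # 0 - service up and running
        # 1 - service dead, but /var/run/  pid  file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running (unused)
        # 4 - service status unknown :-(
        # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
        shift
        # The daemons' own exit statuses are not used; the result below
        # depends only on the starter PID file.
        if [ "$#" -eq 0 ]
        then
                if [ -e "$IPSEC_PLUTO_PID" ]
                then
                        "$IPSEC_WHACK" "--$op"
                fi
                if [ -e "$IPSEC_CHARON_PID" ]
                then
                        "$IPSEC_STROKE" "$op"
                fi
        else
                if [ -e "$IPSEC_PLUTO_PID" ]
                then
                        "$IPSEC_WHACK" --name "$1" "--$op"
                fi
                if [ -e "$IPSEC_CHARON_PID" ]
                then
                        "$IPSEC_STROKE" "$op" "$1"
                fi
        fi
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                # a PID file without a usable PID counts as "dead, but pid
                # file exists"
                spid=$(starter_pid) || exit 1
                kill -0 "$spid" 2>/dev/null
                exit $?
        fi
        exit 3
        ;;
stop)
        # stopping a not-running service is considered as success
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                echo "Stopping strongSwan IPsec..." >&2
                if spid=$(starter_pid)
                then
                        kill "$spid" 2>/dev/null
                        # poll once per second, at most five times, for the
                        # process to go away
                        loop=5
                        while [ "$loop" -gt 0 ]
                        do
                                kill -s 0 "$spid" 2>/dev/null || break
                                sleep 1
                                loop=$(($loop - 1))
                        done
                        if [ "$loop" -eq 0 ]
                        then
                                # still there after the grace period: force it
                                # and remove the PID file it could not clean up
                                kill -s KILL "$spid" 2>/dev/null
                                rm -f -- "$IPSEC_STARTER_PID"
                        fi
                else
                        echo "$0: no usable PID in $IPSEC_STARTER_PID" >&2
                fi
        else
                echo "ipsec starter is not running" >&2
        fi
        exit 0
        ;;
up)
        shift
        if [ "$#" -ne 1 ]
        then
                echo "Usage: ipsec up <connection name>"
                exit 2
        fi
        rc=7
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" --name "$1" --initiate
                rc="$?"
        fi
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" up "$1"
                rc="$?"
        fi
        exit "$rc"
        ;;
update)
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                echo "Updating strongSwan IPsec configuration..." >&2
                if spid=$(starter_pid)
                then
                        kill -s HUP "$spid"
                else
                        echo "$0: no usable PID in $IPSEC_STARTER_PID" >&2
                fi
                # NOTE(review): the status is 0 even if the signal was not
                # delivered; kept that way for existing callers, unlike
                # "reload", which reports the failure.
                exit 0
        else
                echo "ipsec starter is not running" >&2
                exit 7
        fi
        ;;
version|--version)
        echo "Linux $IPSEC_NAME $IPSEC_VERSION"
        # IPSEC_DISTRO holds a literal "\n"; printf %b expands it in every
        # POSIX shell, whereas "echo -e" is not portable under /bin/sh.
        printf '%b\n' "$IPSEC_DISTRO"
        echo "See \`ipsec --copyright' for copyright information."
        exit 0
        ;;
--*)
        echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
        exit 2
        ;;
esac

# Anything not handled above is run as a helper program from IPSEC_DIR.
cmd="$1"
shift

# The command name comes straight from the caller and is appended to
# IPSEC_DIR, so a name containing "/" could resolve to a file outside that
# directory.  Only plain file names are accepted; this matters most where
# the wrapper is made available with more privilege than the caller has.
case "$cmd" in
*/*)
        echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
        exit 2
        ;;
esac

path="$IPSEC_DIR/$cmd"

# -x alone is also true for a searchable directory, hence the -f test
if [ ! -f "$path" ] || [ ! -x "$path" ]
then
        echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
        exit 2
fi

exec "$path" "$@"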