src/ipsec/ipsec.in

   1 #! /bin/sh
   2 # prefix command to run stuff from our programs directory
   3 # Copyright (C) 1998-2002  Henry Spencer.
   4 # Copyright (C) 2006 Andreas Steffen
   5 # Copyright (C) 2006 Martin Willi
   6 #
   7 # This program is free software; you can redistribute it and/or modify it
   8 # under the terms of the GNU General Public License as published by the
   9 # Free Software Foundation; either version 2 of the License, or (at your
  10 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  11 #
  12 # This program is distributed in the hope that it will be useful, but
  13 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  14 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  15 # for more details.
  16 #
  17 # RCSID $Id$
  18
  19 # define a minimum PATH environment in case it is not set
  20 PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
  21 export PATH
  22
  23 # name and version of the ipsec implementation
  24 IPSEC_NAME="@IPSEC_NAME@"
  25 IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
  26
  27 # where the private directory and the config files are
  28 IPSEC_DIR="@IPSEC_DIR@"
  29 IPSEC_SBINDIR="@IPSEC_SBINDIR@"
  30 IPSEC_CONFDIR="@IPSEC_CONFDIR@"
  31 IPSEC_PIDDIR="@IPSEC_PIDDIR@"
  32
  33 IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid"
  34 IPSEC_PLUTO_PID="${IPSEC_PIDDIR}/pluto.pid"
  35 IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"
  36
  37 IPSEC_WHACK="${IPSEC_DIR}/whack"
  38 IPSEC_STROKE="${IPSEC_DIR}/stroke"
  39 IPSEC_STARTER="${IPSEC_DIR}/starter"
  40
  41 export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID
  42
  43 IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
  44
  45 case "$1" in
  46 '')
  47         echo "Usage: ipsec command argument ..."
  48         echo "Use --help for list of commands, or see ipsec(8) manual page"
  49         echo "or the $IPSEC_NAME documentation for names of the common ones."
  50         echo "Most have their own manual pages, e.g. ipsec_auto(8)."
  51         echo "See <http://www.strongswan.org> for more general info."
  52         exit 0
  53         ;;
  54 --help)
  55         echo "Usage: ipsec command argument ..."
  56         echo "where command is one of:"
  57         echo "  start|restart  arguments..."
  58         echo "  update|reload|stop"
  59         echo "  up|down|route|unroute <connectionname>"
  60         echo "  status|statusall [<connectionname>]"
  61         echo "  ready"
  62         echo "  listalgs|listpubkeys|listcerts [--utc]"
  63         echo "  listcacerts|listaacerts|listocspcerts [--utc]"
  64         echo "  listacerts|listgroups|listcainfos [--utc]"
  65         echo "  listcrls|listocsp|listcards|listall [--utc]"
  66         echo "  rereadsecrets|rereadgroups"
  67         echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
  68         echo "  rereadacerts|rereadcrls|rereadall"
  69         echo "  purgeocsp"
  70         echo "  scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
  71         echo "  openac"
  72         echo "  pluto"
  73         echo "  scepclient"
  74         echo "  secrets"
  75         echo "  starter"
  76         echo "  version"
  77         echo "  whack"
  78         echo "  stroke"
  79         echo
  80         echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
  81         exit 0
  82         ;;
  83 --versioncode)
  84         echo "$IPSEC_VERSION"
  85         exit 0
  86         ;;
  87 --directory)
  88         echo "$IPSEC_DIR"
  89         exit 0
  90         ;;
  91 --confdir)
  92         echo "$IPSEC_CONFDIR"
  93         exit 0
  94         ;;
  95 copyright|--copyright)
  96         set _copyright
  97         # and fall through, invoking "ipsec _copyright"
  98         ;;
  99 down)
 100         shift
 101         if [ "$#" -ne 1 ]
 102         then
 103             echo "Usage: ipsec down <connection name>"
 104             exit 2
 105         fi
 106         rc=7
 107         if [ -e $IPSEC_PLUTO_PID ]
 108         then
 109                 $IPSEC_WHACK --name "$1" --terminate
 110                 rc="$?"
 111         fi
 112         if [ -e $IPSEC_CHARON_PID ]
 113         then
 114                 $IPSEC_STROKE down "$1"
 115                 rc="$?"
 116         fi
 117         exit "$rc"
 118         ;;
 119 listalgs|listpubkeys|\listcards|\rereadgroups)
 120         op="$1"
 121         shift
 122         if [ -e $IPSEC_PLUTO_PID ]
 123         then
 124                 $IPSEC_WHACK "$@" "--$op"
 125                 exit "$?"
 126         else
 127                 if [ -e $IPSEC_CHARON_PID ]
 128                 then
 129                         exit 3
 130                 else
 131                         exit 7
 132                 fi
 133         fi
 134         ;;
 135 listcerts|listcacerts|listaacerts|\
 136 listacerts|listgroups|listocspcerts|\
 137 listcainfos|listcrls|listocsp|listall|\
 138 rereadsecrets|rereadcacerts|rereadaacerts|\
 139 rereadacerts|rereadocspcerts|rereadcrls|\
 140 rereadall|purgeocsp)
 141         op="$1"
 142         rc=7
 143         shift
 144         if [ -e $IPSEC_PLUTO_PID ]
 145         then
 146                 $IPSEC_WHACK "$@" "--$op"
 147                 rc="$?"
 148         fi
 149         if [ -e $IPSEC_CHARON_PID ]
 150         then
 151                 $IPSEC_STROKE "$op" "$@"
 152                 rc="$?"
 153         fi
 154         exit "$rc"
 155         ;;
 156 ready)
 157         shift
 158         if [ -e $IPSEC_PLUTO_PID ]
 159         then
 160                 $IPSEC_WHACK --listen
 161                 exit 0
 162         else
 163                 exit 7
 164         fi
 165         ;;
 166 reload)
 167         rc=7
 168         if [ -e $IPSEC_STARTER_PID ]
 169         then
 170                 echo "Reloading strongSwan IPsec configuration..." >&2
 171                 kill -s USR1 `cat $IPSEC_STARTER_PID` 2>/dev/null && rc=0
 172         else
 173                 echo "Reloading strongSwan IPsec failed: starter is not running" >&2
 174         fi
 175         exit "$rc"
 176         ;;
 177 restart)
 178         $IPSEC_SBINDIR/ipsec stop
 179         sleep 2
 180         shift
 181         exec $IPSEC_SBINDIR/ipsec start "$@"
 182         ;;
 183 route|unroute)
 184         op="$1"
 185         rc=7
 186         shift
 187         if [ "$#" -ne 1 ]
 188         then
 189                 echo "Usage: ipsec $op <connection name>"
 190                 exit 2
 191         fi
 192         if [ -e $IPSEC_PLUTO_PID ]
 193         then
 194                 $IPSEC_WHACK --name "$1" "--$op"
 195                 rc="$?"
 196         fi
 197         if [ -e $IPSEC_CHARON_PID ]
 198         then
 199                 $IPSEC_STROKE "$op" "$1"
 200                 rc="$?"
 201         fi
 202         exit "$rc"
 203         ;;
 204 scencrypt|scdecrypt)
 205         op="$1"
 206         shift
 207         if [ -e $IPSEC_PLUTO_PID ]
 208         then
 209                 $IPSEC_WHACK "--$op" "$@"
 210                 exit "$?"
 211         else
 212                 exit 7
 213         fi
 214         ;;
 215 secrets)
 216         rc=7
 217         if [ -e $IPSEC_PLUTO_PID ]
 218         then
 219                 $IPSEC_WHACK --rereadsecrets
 220                 rc="$?"
 221         fi
 222         if [ -e $IPSEC_CHARON_PID ]
 223         then
 224                 $IPSEC_STROKE rereadsecrets
 225                 rc="$?"
 226         fi
 227         exit "$rc"
 228         ;;
 229 start)
 230         shift
 231         exec $IPSEC_STARTER "$@"
 232         ;;
 233 status|statusall)
 234         op="$1"
 235         # Return value is slightly different for the status command:
 236         # 0 - service up and running
 237         # 1 - service dead, but /var/run/  pid  file exists
 238         # 2 - service dead, but /var/lock/ lock file exists
 239         # 3 - service not running (unused)
 240         # 4 - service status unknown :-(
 241         # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
 242         shift
 243         if [ $# -eq 0 ]
 244         then
 245                 if [ -e $IPSEC_PLUTO_PID ]
 246                 then
 247                         $IPSEC_WHACK "--$op"
 248                 fi
 249                 if [ -e $IPSEC_CHARON_PID ]
 250                 then
 251                         $IPSEC_STROKE "$op"
 252                 fi
 253         else
 254                 if [ -e $IPSEC_PLUTO_PID ]
 255                 then
 256                         $IPSEC_WHACK --name "$1" "--$op"
 257                 fi
 258                 if [ -e $IPSEC_CHARON_PID ]
 259                 then
 260                         $IPSEC_STROKE "$op" "$1"
 261                 fi
 262         fi
 263         if [ -e $IPSEC_STARTER_PID ]
 264         then
 265                 kill -0 `cat $IPSEC_STARTER_PID` 2>/dev/null
 266                 exit $?
 267         fi
 268         exit 3
 269         ;;
 270 stop)
 271         # stopping a not-running service is considered as success
 272         if [ -e $IPSEC_STARTER_PID ]
 273         then
 274                 echo "Stopping strongSwan IPsec..." >&2
 275                 spid=`cat $IPSEC_STARTER_PID`
 276                 if [ -n "$spid" ]
 277                 then
 278                         kill $spid 2>/dev/null
 279                         loop=5
 280                         while [ $loop -gt 0 ] ; do
 281                                 kill -s 0 $spid 2>/dev/null || break
 282                                 sleep 1
 283                                 loop=$(($loop - 1))
 284                         done
 285                         if [ $loop -eq 0 ]
 286                         then
 287                                 kill -s KILL $spid 2>/dev/null
 288                                 rm -f $IPSEC_STARTER_PID
 289                         fi
 290                 fi
 291         else
 292                 echo "Stopping strongSwan IPsec failed: starter is not running" >&2
 293         fi
 294         exit 0
 295         ;;
 296 up)
 297         shift
 298         if [ "$#" -ne 1 ]
 299         then
 300             echo "Usage: ipsec up <connection name>"
 301             exit 2
 302         fi
 303         rc=7
 304         if [ -e $IPSEC_PLUTO_PID ]
 305         then
 306                 $IPSEC_WHACK --name "$1" --initiate
 307                 rc="$?"
 308         fi
 309         if [ -e $IPSEC_CHARON_PID ]
 310         then
 311                 $IPSEC_STROKE up "$1"
 312                 rc="$?"
 313         fi
 314         exit "$rc"
 315         ;;
 316 update)
 317         if [ -e $IPSEC_STARTER_PID ]
 318         then
 319                 echo "Updating strongSwan IPsec configuration..." >&2
 320                 kill -s HUP `cat $IPSEC_STARTER_PID`
 321                 exit 0
 322         else
 323                 echo "Updating strongSwan IPsec failed: starter is not running" >&2
 324                 exit 7
 325         fi
 326         ;;
 327 version|--version)
 328         echo "Linux $IPSEC_NAME $IPSEC_VERSION"
 329         echo -e $IPSEC_DISTRO
 330         echo "See \`ipsec --copyright' for copyright information."
 331         exit 0
 332         ;;
 333 --*)
 334         echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
 335         exit 2
 336         ;;
 337 esac
 338
 339 cmd="$1"
 340 shift
 341
 342 path="$IPSEC_DIR/$cmd"
 343
 344 if [ ! -x "$path" ]
 345 then
 346     path="$IPSEC_DIR/$cmd"
 347     if [ ! -x "$path" ]
 348     then
 349         echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
 350         exit 2
 351     fi
 352 fi
 353
 354 exec $path "$@"