#! @IPSEC_SHELL@
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002  Henry Spencer.
# Copyright (C) 2006 Andreas Steffen
# Copyright (C) 2006 Martin Willi
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.

# Pin PATH to a fixed list of system directories plus the installation's
# sbin directory. The assignment is unconditional, so a PATH inherited from
# the caller never decides which external commands (uname, cat, ...) this
# script resolves.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
export PATH

# Installation layout, substituted at build time:
# private program directory, sbin directory, config files, pid files.
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"

# Name of the implementation and of the operating system; the version string
# combines the userland version with the running kernel release.
IPSEC_NAME="@IPSEC_NAME@"
OS_NAME=$(uname -s)
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# Pid files of the starter and of the two IKE daemons. The command dispatch
# tests for these files to decide which daemon to talk to.
IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid"
IPSEC_PLUTO_PID="${IPSEC_PIDDIR}/pluto.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"

# Helper programs living in the private program directory (not exported).
IPSEC_STARTER="${IPSEC_DIR}/starter"
IPSEC_WHACK="${IPSEC_DIR}/whack"
IPSEC_STROKE="${IPSEC_DIR}/stroke"

# Make the layout and version visible to the programs started from here.
export IPSEC_DIR
export IPSEC_SBINDIR
export IPSEC_CONFDIR
export IPSEC_PIDDIR
export IPSEC_VERSION
export IPSEC_NAME
export IPSEC_STARTER_PID
export IPSEC_PLUTO_PID
export IPSEC_CHARON_PID

# Two-line credit printed by "ipsec version"; the \n is kept literal here and
# only becomes a line break when the string is printed.
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
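# Print the starter's PID on stdout if $IPSEC_STARTER_PID holds exactly one
# positive decimal number on its first line; return non-zero otherwise.
# The value is handed to kill(1), so everything else is refused: an empty
# file turns the kill into a usage error, and 0, a negative number or
# several words would address a process group or more than one process.
read_starter_pid() {
	_pid=
	if [ -r "$IPSEC_STARTER_PID" ]
	then
		# read fails on a missing trailing newline but still fills _pid
		read -r _pid < "$IPSEC_STARTER_PID" || :
	fi
	case "$_pid" in
	''|*[!0-9]*)
		return 1
		;;
	esac
	# rejects 0 and values the shell cannot compare as integers
	[ "$_pid" -gt 0 ] 2>/dev/null || return 1
	printf '%s\n' "$_pid"
}

# Built-in command dispatch. Each arm either exits itself or falls out of the
# case so that the remaining arguments are run as a program from $IPSEC_DIR.
# Exit status conventions used below: 2 for a usage error, 7 when none of the
# daemons the command needs has a pid file (rc starts at 7 and is overwritten
# by the status of the last helper that ran).
case "$1" in
'')
	echo "Usage: ipsec command argument ..."
	echo "Use --help for list of commands, or see ipsec(8) manual page"
	echo "or the $IPSEC_NAME documentation for names of the common ones."
	echo "Most have their own manual pages, e.g. ipsec_auto(8)."
	echo "See <http://www.strongswan.org> for more general info."
	exit 0
	;;
--help)
	echo "Usage: ipsec command argument ..."
	echo "where command is one of:"
	echo "  start|restart  arguments..."
	echo "  update|reload|stop"
	echo "  up|down|route|unroute <connectionname>"
	echo "  status|statusall [<connectionname>]"
	echo "  ready"
	echo "  listalgs|listpubkeys|listcerts [--utc]"
	echo "  listcacerts|listaacerts|listocspcerts [--utc]"
	echo "  listacerts|listgroups|listcainfos [--utc]"
	echo "  listcrls|listocsp|listcards|listall [--utc]"
	echo "  leases [<poolname> [<address>]]"
	echo "  rereadsecrets|rereadgroups"
	echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
	echo "  rereadacerts|rereadcrls|rereadall"
	echo "  purgeocsp|purgecrls|purgecerts|purgeike"
	echo "  scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
	echo "  openac"
	echo "  pluto"
	echo "  scepclient"
	echo "  secrets"
	echo "  starter"
	echo "  version"
	echo "  whack"
	echo "  stroke"
	echo
	echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
	exit 0
	;;
--versioncode)
	echo "$IPSEC_VERSION"
	exit 0
	;;
--directory)
	echo "$IPSEC_DIR"
	exit 0
	;;
--confdir)
	echo "$IPSEC_CONFDIR"
	exit 0
	;;
copyright|--copyright)
	set _copyright
	# and fall through, invoking "ipsec _copyright"
	;;
down)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec down <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" --terminate
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" down "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
down-srcip)
	shift
	if [ "$#" -lt 1 ]
	then
		echo "Usage: ipsec down-srcip <start> [<end>]"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# "$@" rather than $*: each argument reaches stroke as the
		# caller typed it, without word splitting or glob expansion
		"$IPSEC_STROKE" down-srcip "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
listcards|rereadgroups)
	op="$1"
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "$@" "--$op"
	fi
	# NOTE(review): whack's exit status is not propagated; the result is
	# 3 whenever charon's pid file exists and 7 otherwise, even after a
	# successful whack call. Kept as is because callers may rely on it.
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		exit 3
	else
		exit 7
	fi
	;;
leases)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		case "$#" in
		0) "$IPSEC_WHACK" "--$op" ;;
		1) "$IPSEC_WHACK" "--$op" --name "$1" ;;
		*) "$IPSEC_WHACK" "--$op" --name "$1" --lease-addr "$2" ;;
		esac
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		case "$#" in
		0) "$IPSEC_STROKE" "$op" ;;
		1) "$IPSEC_STROKE" "$op" "$1" ;;
		*) "$IPSEC_STROKE" "$op" "$1" "$2" ;;
		esac
		rc="$?"
	fi
	exit "$rc"
	;;
listalgs|listpubkeys|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "$@" "--$op"
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
purgeike|purgecrls|purgecerts)
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
ready)
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --listen
		exit 0
	else
		exit 7
	fi
	;;
reload)
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Reloading strongSwan IPsec configuration..." >&2
		# only signal a PID that passed validation; rc stays 7 otherwise
		if spid=$(read_starter_pid)
		then
			kill -USR1 "$spid" 2>/dev/null && rc=0
		fi
	else
		echo "Reloading strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
restart)
	"$IPSEC_SBINDIR/ipsec" stop
	sleep 2
	shift
	exec "$IPSEC_SBINDIR/ipsec" start "$@"
	;;
route|unroute)
	op="$1"
	rc=7
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec $op <connection name>"
		exit 2
	fi
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" "--$op"
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
scencrypt|scdecrypt)
	op="$1"
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "--$op" "$@"
		exit "$?"
	else
		exit 7
	fi
	;;
secrets)
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --rereadsecrets
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" rereadsecrets
		rc="$?"
	fi
	exit "$rc"
	;;
start)
	shift
	if [ -d /var/lock/subsys ]; then
		touch /var/lock/subsys/ipsec
	fi
	exec "$IPSEC_STARTER" "$@"
	;;
status|statusall)
	op="$1"
	# Return value is slightly different for the status command:
	# 0 - service up and running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running (unused)
	# 4 - service status unknown :-(
	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
	shift
	if [ $# -eq 0 ]
	then
		if [ -e "$IPSEC_PLUTO_PID" ]
		then
			"$IPSEC_WHACK" "--$op"
		fi
		if [ -e "$IPSEC_CHARON_PID" ]
		then
			"$IPSEC_STROKE" "$op"
		fi
	else
		if [ -e "$IPSEC_PLUTO_PID" ]
		then
			"$IPSEC_WHACK" --name "$1" "--$op"
		fi
		if [ -e "$IPSEC_CHARON_PID" ]
		then
			"$IPSEC_STROKE" "$op" "$1"
		fi
	fi
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		# a pid file without a usable PID counts as "dead, pid file exists"
		spid=$(read_starter_pid) || exit 1
		kill -0 "$spid" 2>/dev/null
		exit $?
	fi
	exit 3
	;;
stop)
	# stopping a not-running service is considered as success
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Stopping strongSwan IPsec..." >&2
		if spid=$(read_starter_pid)
		then
			kill "$spid" 2>/dev/null
			# poll once per second, at most 11 times, for the starter
			# to exit before resorting to SIGKILL
			loop=11
			while [ "$loop" -gt 0 ] ; do
				kill -0 "$spid" 2>/dev/null || break
				sleep 1
				loop=$((loop - 1))
			done
			if [ "$loop" -eq 0 ]
			then
				kill -KILL "$spid" 2>/dev/null
				# a killed starter cannot remove its own pid file
				rm -f "$IPSEC_STARTER_PID"
			fi
		else
			echo "Stopping strongSwan IPsec failed: starter pid file is empty or malformed" >&2
		fi
	else
		echo "Stopping strongSwan IPsec failed: starter is not running" >&2
	fi
	if [ -d /var/lock/subsys ]; then
		rm -f /var/lock/subsys/ipsec
	fi
	exit 0
	;;
up)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec up <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" --initiate
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" up "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
update)
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Updating strongSwan IPsec configuration..." >&2
		# NOTE(review): exits 0 whether or not the signal was delivered,
		# unlike "reload"; kept for compatibility with existing callers
		if spid=$(read_starter_pid)
		then
			kill -HUP "$spid"
		fi
		exit 0
	else
		echo "Updating strongSwan IPsec failed: starter is not running" >&2
		exit 7
	fi
	;;
version|--version)
	# values are passed as arguments, never as the printf format, so a
	# '%' in the uname output cannot be read as a conversion; %b keeps
	# the \n inside IPSEC_DISTRO working as a line break
	printf '%s %s %s\n' "$OS_NAME" "$IPSEC_NAME" "$IPSEC_VERSION"
	printf '%b\n' "$IPSEC_DISTRO"
	printf "See 'ipsec --copyright' for copyright information.\n"
	exit 0
	;;
--*)
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 2
	;;
esac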
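# Anything that was not handled as a built-in command is run as a program
# from the private directory $IPSEC_DIR, with the remaining arguments.
cmd="$1"
shift

# The command must be a plain file name. A name containing '/' (for example
# one with ".." components) would resolve outside $IPSEC_DIR, which matters
# wherever this wrapper is reachable through sudo rules or another
# privileged caller that is meant to expose only the ipsec helpers.
case "$cmd" in
*/*)
	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
	exit 2
	;;
esac

path="$IPSEC_DIR/$cmd"

# -f keeps directories out: they pass -x but cannot be exec'ed
if [ ! -f "$path" ] || [ ! -x "$path" ]
then
	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
	exit 2
fi

exec "$path" "$@"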