1 #! /bin/sh
2 # prefix command to run stuff from our programs directory
3 # Copyright (C) 1998-2002  Henry Spencer.
4
5 # This program is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by the
7 # Free Software Foundation; either version 2 of the License, or (at your
8 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
9
10 # This program is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
13 # for more details.
14 #
15 # RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $
16
# product name used in user-facing messages
IPSEC_NAME=strongSwan

# Locations of the private helper programs, libraries, sbin directory and
# configuration files.  The @...@ placeholders are filled in by the build;
# a value already present in the environment (even an empty one) wins.
# NOTE(review): these directories decide which binaries this wrapper runs,
# so when it is started through a privilege-raising front end (sudo, an init
# script, a cron job) the caller's environment has to be sanitized first.
IPSEC_EXECDIR="${IPSEC_EXECDIR-@IPSEC_EXECDIR@}"
export IPSEC_EXECDIR
IPSEC_LIBDIR="${IPSEC_LIBDIR-@IPSEC_LIBDIR@}"
export IPSEC_LIBDIR
IPSEC_SBINDIR="${IPSEC_SBINDIR-@IPSEC_SBINDIR@}"
IPSEC_CONFS="${IPSEC_CONFS-@IPSEC_CONFS@}"
export IPSEC_CONFS

# IPSEC_DIR is exported as an alias of the library directory
IPSEC_DIR="${IPSEC_LIBDIR}"
export IPSEC_DIR

# PID files whose presence tells us whether starter / charon are running
IPSEC_STARTER_PID="/var/run/starter.pid"
IPSEC_CHARON_PID="/var/run/charon.pid"

# Replace (not extend) the inherited PATH with a fixed search list, so the
# helpers started from here do not resolve commands through caller-chosen
# directories; it is exported for everything this script runs.
PATH="${IPSEC_SBINDIR}:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
export PATH

# regular expression for names that a --help command listing should omit
DONTMENTION='^(ipsec|_.*|.*\.old|.*~)$'

# Version string (details filled in by build).  Calling a C program that
# invokes version_code() would be the alternative; it is inlined here, and
# only here, for performance's sake.
version="xxx"

# make the version visible to child programs as well
IPSEC_VERSION="${version}"
export IPSEC_VERSION
46
47 # function for the funky user/kernel version stuff
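# Rewrite the global $version so that it also names the kernel side.
# Globals:
#   version (read and written) - userland version on entry; on return
#       "U<userland>/K<kernel>" when the two differ, followed by the
#       detected stack tag
#   stack, kv (written)        - scratch values, left set afterwards
# Reads /proc/net/ipsec_version (KLIPS) or, failing that, checks for
# /proc/net/pfkey (native stack) and takes the kernel release from uname.
fixversion() {
        # Start from a known value: when neither /proc file exists nothing
        # below assigns `stack`, and a value inherited from the caller's
        # environment would otherwise be appended to the reported version.
        stack=""
        if test -f /proc/net/ipsec_version
        then
                stack=" (KLIPS)"
                # last field of the file is the kernel module's version
                kv="$(awk '{print $NF}' /proc/net/ipsec_version)"
        elif test -f /proc/net/pfkey
        then
                stack=" (native)"
                kv="$(uname -r)"
        else
                kv="(no kernel code presently loaded)"
        fi
        # leading blank keeps test from misreading a value that begins with '-'
        if test " $kv" != " $version"
        then
                version="U$version/K$kv"
        fi
        version="$version$stack"
}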
68
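# Deliver a signal to the starter daemon named by $IPSEC_STARTER_PID.
#   $1 - signal name handed to kill -s
#   $2 - progress message, written to stderr before the signal is sent
# The PID file's content must be a plain positive decimal number before it
# reaches kill: an empty file would leave kill without a target, and 0 or a
# negative value addresses process groups rather than a single process.
signal_starter() {
        if test -e "$IPSEC_STARTER_PID"
        then
                starter_pid=
                # read trims surrounding blanks; "|| :" tolerates a file
                # without a trailing newline
                read -r starter_pid < "$IPSEC_STARTER_PID" || :
                case "$starter_pid" in
                ''|0*|*[!0-9]*)
                        echo "$0: no valid PID in $IPSEC_STARTER_PID" >&2
                        ;;
                *)
                        echo "$2" >&2
                        kill -s "$1" "$starter_pid"
                        ;;
                esac
        else
                echo "ipsec starter is not running" >&2
        fi
}

# Built-in commands.  Every branch that handles a command itself ends in
# "exit 0", whatever the helper it ran returned, so callers cannot use the
# exit status to detect a failed whack/stroke call.  stroke is only invoked
# while the charon PID file exists.  All expansions are quoted so that a
# directory value containing blanks or glob characters is passed as one word.
case "$1" in
'')
        echo "Usage: ipsec command argument ..."
        echo "Use --help for list of commands, or see ipsec(8) manual page"
        echo "or the $IPSEC_NAME documentation for names of the common ones."
        echo "Most have their own manual pages, e.g. ipsec_auto(8)."
        echo "See <http://www.strongswan.org> for more general info."
        exit 0
        ;;
--help)
        echo "Usage: ipsec command argument ..."
        echo "where command is one of:"
        echo "  start|restart  arguments..."
        echo "  update|reload|stop"
        echo "  up|down|route|unroute <connectionname>"
        echo "  status|statusall [<connectionname>]"
        echo "  ready"
        echo "  listalgs|listpubkeys|listcerts [--utc]"
        echo "  listcacerts|listaacerts|listocspcerts [--utc]"
        echo "  listacerts|listgroups|listcainfos [--utc]"
        echo "  listcrls|listocsp|listcards|listall [--utc]"
        echo "  rereadsecrets|rereadgroups"
        echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
        echo "  rereadacerts|rereadcrls|rereadall"
        echo "  purgeocsp"
        echo "  scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
        echo "  barf"
        echo "  openac"
        echo "  pluto"
        echo "  scepclient"
        echo "  secrets"
        echo "  starter"
        echo "  version"
        echo "  whack"
        echo
        echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
        exit 0
        ;;
--versioncode)
        fixversion
        echo "$version"
        exit 0
        ;;
--copyright)
        # replace the argument list and fall through to the generic
        # dispatch after esac, which then runs "ipsec _copyright"
        set -- _copyright
        ;;
--directory)
        echo "$IPSEC_DIR"
        exit 0
        ;;
--confdir)
        echo "$IPSEC_CONFS"
        exit 0
        ;;
down)
        shift
        "$IPSEC_EXECDIR/whack" --name "$1" --terminate
        if test -e "$IPSEC_CHARON_PID"
        then
                "$IPSEC_EXECDIR/stroke" down "$1"
        fi
        exit 0
        ;;
listalgs|listpubkeys|listcerts|listcacerts|\
listaacerts|listocspcerts|listacerts|listgroups|\
listcainfos|listcrls|listocsp|listcards|\
listall|purgeocsp|rereadsecrets|rereadgroups|\
rereadcacerts|rereadaacerts|rereadocspcerts|\
rereadacerts|rereadcrls|rereadall)
        # the command word becomes a whack long option; extra arguments
        # (e.g. --utc) go to whack only, stroke gets the bare command
        op="$1"
        shift
        "$IPSEC_EXECDIR/whack" "$@" "--$op"
        if test -e "$IPSEC_CHARON_PID"
        then
                "$IPSEC_EXECDIR/stroke" "$op"
        fi
        exit 0
        ;;
ready)
        shift
        "$IPSEC_EXECDIR/whack" --listen
        exit 0
        ;;
reload)
        signal_starter USR1 "Reloading strongSwan IPsec configuration..."
        exit 0
        ;;
restart)
        "$IPSEC_SBINDIR/ipsec" stop
        # fixed pause between stop and start, as in the original script
        sleep 2
        shift
        "$IPSEC_SBINDIR/ipsec" start "$@"
        exit 0
        ;;
route|unroute)
        op="$1"
        shift
        "$IPSEC_EXECDIR/whack" --name "$1" "--$op"
        exit 0
        ;;
scencrypt|scdecrypt)
        op="$1"
        shift
        "$IPSEC_EXECDIR/whack" "--$op" "$@"
        exit 0
        ;;
secrets)
        "$IPSEC_EXECDIR/whack" --rereadsecrets
        exit 0
        ;;
start)
        shift
        exec "$IPSEC_EXECDIR/starter" "$@"
        ;;
status|statusall)
        op="$1"
        shift
        if test $# -eq 0
        then
                "$IPSEC_EXECDIR/whack" "--$op"
                if test -e "$IPSEC_CHARON_PID"
                then
                        "$IPSEC_EXECDIR/stroke" "$op"
                fi
        else
                # only the first connection name is used
                "$IPSEC_EXECDIR/whack" --name "$1" "--$op"
                if test -e "$IPSEC_CHARON_PID"
                then
                        "$IPSEC_EXECDIR/stroke" "$op" "$1"
                fi
        fi
        exit 0
        ;;
stop)
        # TERM is what a plain "kill <pid>" sends
        signal_starter TERM "Stopping strongSwan IPsec..."
        exit 0
        ;;
up)
        shift
        "$IPSEC_EXECDIR/whack" --name "$1" --initiate
        if test -e "$IPSEC_CHARON_PID"
        then
                "$IPSEC_EXECDIR/stroke" up "$1"
        fi
        exit 0
        ;;
update)
        signal_starter HUP "Updating strongSwan IPsec configuration..."
        exit 0
        ;;
version|--version)
        fixversion
        echo "Linux $IPSEC_NAME $version"
        echo "See \`ipsec --copyright' for copyright information."
        if [ -f "$IPSEC_LIBDIR/distro.txt" ]
        then
                cat "$IPSEC_LIBDIR/distro.txt"
        fi
        exit 0
        ;;
--*)
        echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
        exit 1
        ;;
esac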
253
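# Generic dispatch: a command the case statement did not handle is looked
# up as an executable file, first in IPSEC_EXECDIR and then in IPSEC_LIBDIR,
# and replaces this shell with the remaining arguments passed through.
cmd="$1"
shift

# The command name is pasted into a path, so it has to be a plain file name.
# A name containing '/' would let the lookup resolve outside the two private
# directories; report it like any other unknown command.
case "$cmd" in
*/*)
        echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
        exit 1
        ;;
esac

path="$IPSEC_EXECDIR/$cmd"

# -f as well as -x: directories (".", "..", an empty name) pass -x alone
if test ! -f "$path" || test ! -x "$path"
then
        path="$IPSEC_LIBDIR/$cmd"
        if test ! -f "$path" || test ! -x "$path"
        then
                echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
                exit 1
        fi
fi

# quoted so that a directory containing blanks is not split into words
exec "$path" "$@"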