src/ipsec/ipsec.in

   1 #! /bin/sh
   2 # prefix command to run stuff from our programs directory
   3 # Copyright (C) 1998-2002  Henry Spencer.
   4 #
   5 # This program is free software; you can redistribute it and/or modify it
   6 # under the terms of the GNU General Public License as published by the
   7 # Free Software Foundation; either version 2 of the License, or (at your
   8 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9 #
  10 # This program is distributed in the hope that it will be useful, but
  11 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13 # for more details.
  14 #
  15 # RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $
  16
  17 IPSEC_NAME=strongSwan
  18
  19 # where the private directory and the config files are
  20 IPSEC_EXECDIR="${IPSEC_EXECDIR-@IPSEC_EXECDIR@}"
  21 IPSEC_LIBDIR="${IPSEC_LIBDIR-@IPSEC_LIBDIR@}"
  22 IPSEC_SBINDIR="${IPSEC_SBINDIR-@IPSEC_SBINDIR@}"
  23 IPSEC_CONFS="${IPSEC_CONFS-@IPSEC_CONFS@}"
  24
  25 IPSEC_DIR="$IPSEC_LIBDIR"
  26 export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
  27
  28 IPSEC_STARTER_PID="/var/run/starter.pid"
  29 IPSEC_CHARON_PID="/var/run/charon.pid"
  30
  31 # standardize PATH, and export it for everything else's benefit
  32 PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
  33 export PATH
  34
  35 # things not to be listed in --help command list
  36 DONTMENTION='^(ipsec|_.*|.*\.old|.*~)$'
  37
  38 # version numbering (details filled in by build)
  39 # Possibly should call a C program to invoke the version_code() function
  40 # instead, but for performance's sake, we inline it here (and only here).
  41 version="xxx"
  42
  43 # export the version information
  44 IPSEC_VERSION="$version"
  45 export IPSEC_VERSION
  46
  47 # function for the funky user/kernel version stuff
  48 fixversion() {
  49         if test -f /proc/net/ipsec_version
  50         then
  51         stack=" (KLIPS)"
  52         kv="`awk '{print $NF}' /proc/net/ipsec_version`"
  53         else
  54                 if test -f /proc/net/pfkey
  55                 then
  56                         stack=" (native)"
  57                         kv="`uname -r`"
  58                 else
  59                         kv="(no kernel code presently loaded)"
  60                 fi
  61         fi
  62         if test " $kv" != " $version"
  63         then
  64         version="U$version/K$kv"
  65         fi
  66         version="$version$stack"
  67 }
  68
  69 case "$1" in
  70 '')
  71         echo "Usage: ipsec command argument ..."
  72         echo "Use --help for list of commands, or see ipsec(8) manual page"
  73         echo "or the $IPSEC_NAME documentation for names of the common ones."
  74         echo "Most have their own manual pages, e.g. ipsec_auto(8)."
  75         echo "See <http://www.strongswan.org> for more general info."
  76         exit 0
  77         ;;
  78 --help)
  79         echo "Usage: ipsec command argument ..."
  80         echo "where command is one of:"
  81         echo "  start|restart  arguments..."
  82         echo "  update|reload|stop"
  83         echo "  up|down|route|unroute <connectionname>"
  84         echo "  status|statusall [<connectionname>]"
  85         echo "  ready"
  86         echo "  listalgs|listpubkeys|listcerts [--utc]"
  87         echo "  listcacerts|listaacerts|listocspcerts [--utc]"
  88         echo "  listacerts|listgroups|listcainfos [--utc]"
  89         echo "  listcrls|listocsp|listcards|listall [--utc]"
  90         echo "  rereadsecrets|rereadgroups"
  91         echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
  92         echo "  rereadacerts|rereadcrls|rereadall"
  93         echo "  purgeocsp"
  94         echo "  scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
  95         echo "  barf"
  96         echo "  openac"
  97         echo "  pluto"
  98         echo "  scepclient"
  99         echo "  secrets"
 100         echo "  starter"
 101         echo "  version"
 102         echo "  whack"
 103         echo
 104         echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
 105         exit 0
 106         ;;
 107 --versioncode)
 108         fixversion
 109         echo "$version"
 110         exit 0
 111         ;;
 112 --copyright)
 113         set _copyright
 114         # and fall through, invoking "ipsec _copyright"
 115         ;;
 116 --directory)
 117         echo "$IPSEC_DIR"
 118         exit 0
 119         ;;
 120 --confdir)
 121         echo "$IPSEC_CONFS"
 122         exit 0
 123         ;;
 124 down)
 125         shift
 126         $IPSEC_EXECDIR/whack --name "$1" --terminate
 127         if test -e $IPSEC_CHARON_PID
 128         then
 129             $IPSEC_EXECDIR/stroke down "$1"
 130         fi
 131         exit 0
 132         ;;
 133 listalgs|listpubkeys|listcerts|listcacerts|\
 134 listaacerts|listocspcerts|listacerts|listgroups|\
 135 listcainfos|listcrls|listocsp|listcards|\
 136 listall|purgeocsp|rereadsecrets|rereadgroups|\
 137 rereadcacerts|rereadaacerts|rereadocspcerts|\
 138 rereadacerts|rereadcrls|rereadall)
 139         op="$1"
 140         shift
 141         $IPSEC_EXECDIR/whack "$@" "--$op"
 142         if test -e $IPSEC_CHARON_PID
 143         then
 144             $IPSEC_EXECDIR/stroke "$op"
 145         fi
 146         exit 0
 147         ;;
 148 ready)
 149         shift
 150         $IPSEC_EXECDIR/whack --listen
 151         exit 0
 152         ;;
 153 reload)
 154         if test -e $IPSEC_STARTER_PID
 155         then
 156             echo "Reloading strongSwan IPsec configuration..." >&2
 157             kill -s USR1 `cat $IPSEC_STARTER_PID`
 158         else
 159             echo "ipsec starter is not running" >&2
 160         fi
 161         exit 0
 162         ;;
 163 restart)
 164         $IPSEC_SBINDIR/ipsec stop
 165         sleep 2
 166         shift
 167         $IPSEC_SBINDIR/ipsec start "$@"
 168         exit 0
 169         ;;
 170 route|unroute)
 171         op="$1"
 172         shift
 173         $IPSEC_EXECDIR/whack --name "$1" "--$op"
 174         exit 0
 175         ;;
 176 scencrypt|scdecrypt)
 177         op="$1"
 178         shift
 179         $IPSEC_EXECDIR/whack "--$op" "$@"
 180         exit 0
 181         ;;
 182 secrets)
 183         $IPSEC_EXECDIR/whack --rereadsecrets
 184         exit 0
 185         ;;
 186 start)
 187         shift
 188         exec $IPSEC_EXECDIR/starter "$@"
 189         ;;
 190 status|statusall)
 191         op="$1"
 192         shift
 193         if test $# -eq 0
 194         then
 195             $IPSEC_EXECDIR/whack "--$op"
 196             if test -e $IPSEC_CHARON_PID
 197             then
 198                 $IPSEC_EXECDIR/stroke "$op"
 199             fi
 200         else
 201             $IPSEC_EXECDIR/whack --name "$1" "--$op"
 202             if test -e $IPSEC_CHARON_PID
 203             then
 204                 $IPSEC_EXECDIR/stroke "$op" "$1"
 205             fi
 206         fi
 207         exit 0
 208         ;;
 209 stop)
 210         if test -e $IPSEC_STARTER_PID
 211         then
 212             echo "Stopping strongSwan IPsec..." >&2
 213             kill `cat $IPSEC_STARTER_PID`
 214         else
 215             echo "ipsec starter is not running" >&2
 216         fi
 217         exit 0
 218         ;;
 219 up)
 220         shift
 221         $IPSEC_EXECDIR/whack --name "$1" --initiate
 222         if test -e $IPSEC_CHARON_PID
 223         then
 224             $IPSEC_EXECDIR/stroke up "$1"
 225         fi
 226         exit 0
 227         ;;
 228 update)
 229         if test -e $IPSEC_STARTER_PID
 230         then
 231             echo "Updating strongSwan IPsec configuration..." >&2
 232             kill -s HUP `cat $IPSEC_STARTER_PID`
 233         else
 234             echo "ipsec starter is not running" >&2
 235         fi
 236         exit 0
 237         ;;
 238 version|--version)
 239         fixversion
 240         echo "Linux $IPSEC_NAME $version"
 241         echo "See \`ipsec --copyright' for copyright information."
 242         if [ -f $IPSEC_LIBDIR/distro.txt ]
 243         then
 244             cat $IPSEC_LIBDIR/distro.txt
 245         fi
 246         exit 0
 247         ;;
 248 --*)
 249         echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
 250         exit 1
 251         ;;
 252 esac
 253
 254 cmd="$1"
 255 shift
 256
 257 path="$IPSEC_EXECDIR/$cmd"
 258
 259 if test ! -x "$path"
 260 then
 261     path="$IPSEC_LIBDIR/$cmd"
 262     if test ! -x "$path"
 263     then
 264         echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
 265         exit 1
 266     fi
 267 fi
 268
 269 exec $path "$@"