Diffstat (limited to 'programs/ipsec/ipsec.in')
-rwxr-xr-x | programs/ipsec/ipsec.in | 244 |
1 files changed, 244 insertions, 0 deletions
diff --git a/programs/ipsec/ipsec.in b/programs/ipsec/ipsec.in
new file mode 100755
index 000000000..0616561d8
--- /dev/null
+++ b/programs/ipsec/ipsec.in
@@ -0,0 +1,244 @@
+#! /bin/sh
+# prefix command to run stuff from our programs directory
+# Copyright (C) 1998-2002 Henry Spencer.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $
+
+IPSEC_NAME=strongSwan
+
+# where the private directory and the config files are
+IPSEC_EXECDIR="${IPSEC_EXECDIR-@IPSEC_EXECDIR@}"
+IPSEC_LIBDIR="${IPSEC_LIBDIR-@IPSEC_LIBDIR@}"
+IPSEC_SBINDIR="${IPSEC_SBINDIR-@IPSEC_SBINDIR@}"
+IPSEC_CONFS="${IPSEC_CONFS-@IPSEC_CONFS@}"
+
+IPSEC_DIR="$IPSEC_LIBDIR"
+export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
+
+IPSEC_STARTER_PID="/var/run/starter.pid"
+
+# standardize PATH, and export it for everything else's benefit
+PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
+export PATH
+
+# things not to be listed in --help command list
+DONTMENTION='^(ipsec|_.*|.*\.old|.*~)$'
+
+# version numbering (details filled in by build)
+# Possibly should call a C program to invoke the version_code() function
+# instead, but for performance's sake, we inline it here (and only here).
+version="xxx"
+
+# export the version information
+IPSEC_VERSION="$version"
+export IPSEC_VERSION
+
+# function for the funky user/kernel version stuff
+fixversion() {
+ if test -f /proc/net/ipsec_version
+ then
+ stack=" (KLIPS)"
+ kv="`awk '{print $NF}' /proc/net/ipsec_version`"
+ else
+ if test -f /proc/net/pfkey
+ then
+ stack=" (native)"
+ kv="`uname -r`"
+ else
+ kv="(no kernel code presently loaded)"
+ fi
+ fi
+ if test " $kv" != " $version"
+ then
+ version="U$version/K$kv"
+ fi
+ version="$version$stack"
+}
+
+case "$1" in
+'')
+ echo "Usage: ipsec command argument ..."
+ echo "Use --help for list of commands, or see ipsec(8) manual page"
+ echo "or the $IPSEC_NAME documentation for names of the common ones."
+ echo "Most have their own manual pages, e.g. ipsec_auto(8)."
+ echo "See <http://www.strongswan.org> for more general info."
+ exit 0
+ ;;
+--help)
+ echo "Usage: ipsec command argument ..."
+ echo "where command is one of:"
+ echo " start|restart arguments..."
+ echo " update|reload|stop"
+ echo " up|down|route|unroute <connectionname>"
+ echo " status|statusall [<connectionname>]"
+ echo " ready"
+ echo " listalgs|listpubkeys|listcerts [--utc]"
+ echo " listcacerts|listaacerts|listocspcerts [--utc]"
+ echo " listacerts|listgroups|listcainfos [--utc]"
+ echo " listcrls|listocsp|listcards|listall [--utc]"
+ echo " rereadsecrets|rereadgroups"
+ echo " rereadcacerts|rereadaacerts|rereadocspcerts"
+ echo " rereadacerts|rereadcrls|rereadall"
+ echo " purgeocsp"
+ echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
+ echo " barf"
+ echo " openac"
+ echo " pluto"
+ echo " scepclient"
+ echo " secrets"
+ echo " starter"
+ echo " version"
+ echo " whack"
+ echo
+ echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
+ exit 0
+ ;;
+--versioncode)
+ fixversion
+ echo "$version"
+ exit 0
+ ;;
+--copyright)
+ set _copyright
+ # and fall through, invoking "ipsec _copyright"
+ ;;
+--directory)
+ echo "$IPSEC_DIR"
+ exit 0
+ ;;
+--confdir)
+ echo "$IPSEC_CONFS"
+ exit 0
+ ;;
+down)
+ shift
+ $IPSEC_EXECDIR/whack --name "$1" --terminate
+ exit 0
+ ;;
+listalgs|listpubkeys|listcerts|listcacerts|\
+listaacerts|listocspcerts|listacerts|listgroups|\
+listcainfos|listcrls|listocsp|listcards|\
+listall|purgeocsp|rereadsecrets|rereadgroups|\
+rereadcacerts|rereadaacerts|rereadocspcerts|\
+rereadacerts|rereadcrls|rereadall)
+ op="$1"
+ shift
+ $IPSEC_EXECDIR/whack "$@" "--$op"
+ exit 0
+ ;;
+ready)
+ shift
+ $IPSEC_EXECDIR/whack --listen
+ exit 0
+ ;;
+reload)
+ if test -e $IPSEC_STARTER_PID
+ then
+ echo "Reloading strongSwan IPsec configuration..." >&2
+ kill -s USR1 `cat $IPSEC_STARTER_PID`
+ else
+ echo "ipsec starter is not running" >&2
+ fi
+ exit 0
+ ;;
+restart)
+ $IPSEC_SBINDIR/ipsec stop
+ sleep 2
+ shift
+ $IPSEC_SBINDIR/ipsec start "$@"
+ exit 0
+ ;;
+route|unroute)
+ op="$1"
+ shift
+ $IPSEC_EXECDIR/whack --name "$1" "--$op"
+ exit 0
+ ;;
+scencrypt|scdecrypt)
+ op="$1"
+ shift
+ $IPSEC_EXECDIR/whack "--$op" "$@"
+ exit 0
+ ;;
+start)
+ shift
+ exec $IPSEC_EXECDIR/starter "$@"
+ ;;
+status|statusall)
+ op="$1"
+ shift
+ if test $# -eq 0
+ then
+ $IPSEC_EXECDIR/whack "--$op"
+ else
+ $IPSEC_EXECDIR/whack --name "$1" "--$op"
+ fi
+ exit 0
+ ;;
+stop)
+ if test -e $IPSEC_STARTER_PID
+ then
+ echo "Stopping strongSwan IPsec..." >&2
+ kill `cat $IPSEC_STARTER_PID`
+ else
+ echo "ipsec starter is not running" >&2
+ fi
+ exit 0
+ ;;
+up)
+ shift
+ $IPSEC_EXECDIR/whack --name "$1" --initiate
+ exit 0
+ ;;
+update)
+ if test -e $IPSEC_STARTER_PID
+ then
+ echo "Updating strongSwan IPsec configuration..." >&2
+ kill -s HUP `cat $IPSEC_STARTER_PID`
+ else
+ echo "ipsec starter is not running" >&2
+ fi
+ exit 0
+ ;;
+version|--version)
+ fixversion
+ echo "Linux $IPSEC_NAME $version"
+ echo "See \`ipsec --copyright' for copyright information."
+ if [ -f $IPSEC_LIBDIR/distro.txt ]
+ then
+ cat $IPSEC_LIBDIR/distro.txt
+ fi
+ exit 0
+ ;;
+--*)
+ echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
+ exit 1
+ ;;
+esac
+
+cmd="$1"
+shift
+
+path="$IPSEC_EXECDIR/$cmd"
+
+if test ! -x "$path"
+then
+ path="$IPSEC_LIBDIR/$cmd"
+ if test ! -x "$path"
+ then
+ echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
+ exit 1
+ fi
+fi
+
+exec $path "$@" |
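Review bot: The fall-through dispatch at the end of the script builds `path="$IPSEC_EXECDIR/$cmd"` from the first argument without checking it, so a command name containing `/` resolves to an executable outside the programs directory, and the final `exec $path "$@"` leaves `$path` unquoted on top of that. This matters wherever the wrapper runs with more privilege than its caller (a sudoers rule for `ipsec`, or a script that passes a name through), which is not visible from this file. I would reject such names before the lookup, `case "$cmd" in */*) echo "$0: invalid command name" >&2; exit 1;; esac`, and quote the last line as `exec "$path" "$@"`. The same care applies to the `kill` calls in the reload, stop and update branches, which pass the unquoted contents of `$IPSEC_STARTER_PID` to kill without checking that the file holds a single numeric PID or that the process is still the starter, so a stale or empty PID file signals the wrong process or none.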