#! /bin/sh # prefix command to run stuff from our programs directory # Copyright (C) 1998-2002 Henry Spencer. # Copyright (C) 2006 Andreas Steffen # Copyright (C) 2006 Martin Willi # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See . # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # # RCSID $Id: ipsec.in 4790 2008-12-11 12:49:41Z martin $ # define a minimum PATH environment in case it is not set PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@" export PATH # name and version of the ipsec implementation IPSEC_NAME="@IPSEC_NAME@" IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`" # where the private directory and the config files are IPSEC_DIR="@IPSEC_DIR@" IPSEC_SBINDIR="@IPSEC_SBINDIR@" IPSEC_CONFDIR="@IPSEC_CONFDIR@" IPSEC_PIDDIR="@IPSEC_PIDDIR@" IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid" IPSEC_PLUTO_PID="${IPSEC_PIDDIR}/pluto.pid" IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid" IPSEC_WHACK="${IPSEC_DIR}/whack" IPSEC_STROKE="${IPSEC_DIR}/stroke" IPSEC_STARTER="${IPSEC_DIR}/starter" export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland" case "$1" in '') echo "Usage: ipsec command argument ..." echo "Use --help for list of commands, or see ipsec(8) manual page" echo "or the $IPSEC_NAME documentation for names of the common ones." echo "Most have their own manual pages, e.g. ipsec_auto(8)." echo "See for more general info." exit 0 ;; --help) echo "Usage: ipsec command argument ..." echo "where command is one of:" echo " start|restart arguments..." echo " update|reload|stop" echo " up|down|route|unroute " echo " status|statusall []" echo " ready" echo " listalgs|listpubkeys|listcerts [--utc]" echo " listcacerts|listaacerts|listocspcerts [--utc]" echo " listacerts|listgroups|listcainfos [--utc]" echo " listcrls|listocsp|listcards|listall [--utc]" echo " leases [ [
]]" echo " rereadsecrets|rereadgroups" echo " rereadcacerts|rereadaacerts|rereadocspcerts" echo " rereadacerts|rereadcrls|rereadall" echo " purgeocsp" echo " scencrypt|scdecrypt [--inbase ] [--outbase ] [--keyid ]" echo " openac" echo " pluto" echo " scepclient" echo " secrets" echo " starter" echo " version" echo " whack" echo " stroke" echo echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)." exit 0 ;; --versioncode) echo "$IPSEC_VERSION" exit 0 ;; --directory) echo "$IPSEC_DIR" exit 0 ;; --confdir) echo "$IPSEC_CONFDIR" exit 0 ;; copyright|--copyright) set _copyright # and fall through, invoking "ipsec _copyright" ;; down) shift if [ "$#" -ne 1 ] then echo "Usage: ipsec down " exit 2 fi rc=7 if [ -e $IPSEC_PLUTO_PID ] then $IPSEC_WHACK --name "$1" --terminate rc="$?" fi if [ -e $IPSEC_CHARON_PID ] then $IPSEC_STROKE down "$1" rc="$?" fi exit "$rc" ;; down-srcip) shift if [ "$#" -lt 1 ] then echo "Usage: ipsec down-srcip []" exit 2 fi rc=7 if [ -e $IPSEC_CHARON_PID ] then $IPSEC_STROKE down-srcip $* rc="$?" fi exit "$rc" ;; listcards|rereadgroups) op="$1" shift if [ -e $IPSEC_PLUTO_PID ] then $IPSEC_WHACK "$@" "--$op" rc="$?" fi if [ -e $IPSEC_CHARON_PID ] then exit 3 else exit 7 fi ;; leases) op="$1" rc=7 shift if [ -e $IPSEC_CHARON_PID ] then case "$#" in 0) $IPSEC_STROKE "$op" ;; 1) $IPSEC_STROKE "$op" "$1" ;; *) $IPSEC_STROKE "$op" "$1" "$2" ;; esac rc="$?" fi exit "$rc" ;; listalgs|\listpubkeys|\ listcerts|listcacerts|listaacerts|\ listacerts|listgroups|listocspcerts|\ listcainfos|listcrls|listocsp|listall|\ rereadsecrets|rereadcacerts|rereadaacerts|\ rereadacerts|rereadocspcerts|rereadcrls|\ rereadall|purgeocsp) op="$1" rc=7 shift if [ -e $IPSEC_PLUTO_PID ] then $IPSEC_WHACK "$@" "--$op" rc="$?" fi if [ -e $IPSEC_CHARON_PID ] then $IPSEC_STROKE "$op" "$@" rc="$?" fi exit "$rc" ;; ready) shift if [ -e $IPSEC_PLUTO_PID ] then $IPSEC_WHACK --listen exit 0 else exit 7 fi ;; reload) rc=7 if [ -e $IPSEC_STARTER_PID ] then echo "Reloading strongSwan IPsec configuration..." >&2 kill -USR1 `cat $IPSEC_STARTER_PID` 2>/dev/null && rc=0 else echo "Reloading strongSwan IPsec failed: starter is not running" >&2 fi exit "$rc" ;; restart) $IPSEC_SBINDIR/ipsec stop sleep 2 shift exec $IPSEC_SBINDIR/ipsec start "$@" ;; route|unroute) op="$1" rc=7 shift if [ "$#" -ne 1 ] then echo "Usage: ipsec $op " exit 2 fi if [ -e $IPSEC_PLUTO_PID ] then $IPSEC_WHACK --name "$1" "--$op" rc="$?" fi if [ -e $IPSEC_CHARON_PID ] then $IPSEC_STROKE "$op" "$1" rc="$?" fi exit "$rc" ;; scencrypt|scdecrypt) op="$1" shift if [ -e $IPSEC_PLUTO_PID ] then $IPSEC_WHACK "--$op" "$@" exit "$?" else exit 7 fi ;; secrets) rc=7 if [ -e $IPSEC_PLUTO_PID ] then $IPSEC_WHACK --rereadsecrets rc="$?" fi if [ -e $IPSEC_CHARON_PID ] then $IPSEC_STROKE rereadsecrets rc="$?" fi exit "$rc" ;; start) shift if [ -d /var/lock/subsys ]; then touch /var/lock/subsys/ipsec fi exec $IPSEC_STARTER "$@" ;; status|statusall) op="$1" # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) shift if [ $# -eq 0 ] then if [ -e $IPSEC_PLUTO_PID ] then $IPSEC_WHACK "--$op" fi if [ -e $IPSEC_CHARON_PID ] then $IPSEC_STROKE "$op" fi else if [ -e $IPSEC_PLUTO_PID ] then $IPSEC_WHACK --name "$1" "--$op" fi if [ -e $IPSEC_CHARON_PID ] then $IPSEC_STROKE "$op" "$1" fi fi if [ -e $IPSEC_STARTER_PID ] then kill -0 `cat $IPSEC_STARTER_PID` 2>/dev/null exit $? fi exit 3 ;; stop) # stopping a not-running service is considered as success if [ -e $IPSEC_STARTER_PID ] then echo "Stopping strongSwan IPsec..." >&2 spid=`cat $IPSEC_STARTER_PID` if [ -n "$spid" ] then kill $spid 2>/dev/null loop=5 while [ $loop -gt 0 ] ; do kill -0 $spid 2>/dev/null || break sleep 1 loop=$(($loop - 1)) done if [ $loop -eq 0 ] then kill -KILL $spid 2>/dev/null rm -f $IPSEC_STARTER_PID fi fi else echo "Stopping strongSwan IPsec failed: starter is not running" >&2 fi if [ -d /var/lock/subsys ]; then rm -f /var/lock/subsys/ipsec fi exit 0 ;; up) shift if [ "$#" -ne 1 ] then echo "Usage: ipsec up " exit 2 fi rc=7 if [ -e $IPSEC_PLUTO_PID ] then $IPSEC_WHACK --name "$1" --initiate rc="$?" fi if [ -e $IPSEC_CHARON_PID ] then $IPSEC_STROKE up "$1" rc="$?" fi exit "$rc" ;; update) if [ -e $IPSEC_STARTER_PID ] then echo "Updating strongSwan IPsec configuration..." >&2 kill -HUP `cat $IPSEC_STARTER_PID` exit 0 else echo "Updating strongSwan IPsec failed: starter is not running" >&2 exit 7 fi ;; version|--version) printf "Linux $IPSEC_NAME $IPSEC_VERSION\n" printf "$IPSEC_DISTRO\n" printf "See 'ipsec --copyright' for copyright information.\n" exit 0 ;; --*) echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2 exit 2 ;; esac cmd="$1" shift path="$IPSEC_DIR/$cmd" if [ ! -x "$path" ] then path="$IPSEC_DIR/$cmd" if [ ! -x "$path" ] then echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2 exit 2 fi fi exec $path "$@"