Added options to flush CRLs/X509 certs from the cert cache
#! /bin/sh
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002 Henry Spencer.
# Copyright (C) 2006 Andreas Steffen
# Copyright (C) 2006 Martin Willi
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.

# Always run with a known minimal PATH (plus our own sbin directory), even
# when the caller's environment has none.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
export PATH

# Implementation name and version string; the kernel release is appended
# at run time.  The @...@ tokens are substituted at build time.
IPSEC_NAME="@IPSEC_NAME@"
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# Installation layout.
IPSEC_DIR="@IPSEC_DIR@"			# private helper programs
IPSEC_SBINDIR="@IPSEC_SBINDIR@"		# location of this wrapper
IPSEC_CONFDIR="@IPSEC_CONFDIR@"		# configuration files
IPSEC_PIDDIR="@IPSEC_PIDDIR@"		# pid files

# Pid files: the commands below test for their presence to decide which
# daemon(s) to talk to.
IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid"
IPSEC_PLUTO_PID="${IPSEC_PIDDIR}/pluto.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"

# Control programs for the two daemons and the starter itself.
IPSEC_WHACK="${IPSEC_DIR}/whack"
IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"

# Make the layout visible to every helper program we exec below.
export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID

# Distribution banner printed by "ipsec version"; holds literal \n escapes.
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
42
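#######################################
# Print the process id stored in a pid file.
# Arguments: $1 - path of the pid file
# Outputs:   the pid on stdout when the file holds one positive integer
# Returns:   0 when a pid was printed; 1 when the file is missing, empty
#            or malformed
# Only a plain positive integer is accepted because the value goes straight
# to kill(1): an empty, negative or "0" value read from a truncated or
# tampered pid file would otherwise address a process group or every
# process instead of the starter.
#######################################
read_pid() {
	pid=$(cat "$1" 2>/dev/null) || return 1
	case "$pid" in
		''|0|*[!0-9]*) return 1 ;;
	esac
	printf '%s\n' "$pid"
}

# Built-in commands.  Every arm below exits the script itself; a command
# matching no arm (including "copyright", which is rewritten to
# "_copyright") falls through to the generic dispatch after the esac.
# Conventions shared by the daemon arms:
#   rc=7  no pluto/charon pid file was found, so nothing was invoked
#   2     usage error
#   else  exit status of the last whack/stroke invocation
case "$1" in
'')
	echo "Usage: ipsec command argument ..."
	echo "Use --help for list of commands, or see ipsec(8) manual page"
	echo "or the $IPSEC_NAME documentation for names of the common ones."
	echo "Most have their own manual pages, e.g. ipsec_auto(8)."
	echo "See <http://www.strongswan.org> for more general info."
	exit 0
	;;
--help)
	echo "Usage: ipsec command argument ..."
	echo "where command is one of:"
	echo " start|restart arguments..."
	echo " update|reload|stop"
	echo " up|down|route|unroute <connectionname>"
	echo " status|statusall [<connectionname>]"
	echo " ready"
	echo " listalgs|listpubkeys|listcerts [--utc]"
	echo " listcacerts|listaacerts|listocspcerts [--utc]"
	echo " listacerts|listgroups|listcainfos [--utc]"
	echo " listcrls|listocsp|listcards|listall [--utc]"
	echo " leases [<poolname> [<address>]]"
	echo " rereadsecrets|rereadgroups"
	echo " rereadcacerts|rereadaacerts|rereadocspcerts"
	echo " rereadacerts|rereadcrls|rereadall"
	echo " purgeocsp|purgecrl|purgex509|purgeike"
	echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
	echo " openac"
	echo " pluto"
	echo " scepclient"
	echo " secrets"
	echo " starter"
	echo " version"
	echo " whack"
	echo " stroke"
	echo
	echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
	exit 0
	;;
--versioncode)
	echo "$IPSEC_VERSION"
	exit 0
	;;
--directory)
	echo "$IPSEC_DIR"
	exit 0
	;;
--confdir)
	echo "$IPSEC_CONFDIR"
	exit 0
	;;
copyright|--copyright)
	# replace the positional parameters and fall through, invoking
	# "ipsec _copyright" via the dispatch below
	set _copyright
	;;
down)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec down <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" --terminate
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" down "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
down-srcip)
	shift
	if [ "$#" -lt 1 ]
	then
		echo "Usage: ipsec down-srcip <start> [<end>]"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# "$@" keeps each argument intact; $* would re-split them
		"$IPSEC_STROKE" down-srcip "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
listcards|rereadgroups)
	# only whack is invoked for these; charon alone yields 3, and the
	# status of the whack call is now returned instead of being dropped
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "$@" "--$op"
		rc="$?"
	elif [ -e "$IPSEC_CHARON_PID" ]
	then
		rc=3
	fi
	exit "$rc"
	;;
leases)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		case "$#" in
		0) "$IPSEC_WHACK" "--$op" ;;
		1) "$IPSEC_WHACK" "--$op" --name "$1" ;;
		*) "$IPSEC_WHACK" "--$op" --name "$1" --lease-addr "$2" ;;
		esac
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		case "$#" in
		0) "$IPSEC_STROKE" "$op" ;;
		1) "$IPSEC_STROKE" "$op" "$1" ;;
		*) "$IPSEC_STROKE" "$op" "$1" "$2" ;;
		esac
		rc="$?"
	fi
	exit "$rc"
	;;
listalgs|listpubkeys|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp)
	# same command name for both daemons; whack wants the options first,
	# stroke wants them after the command
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "$@" "--$op"
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
purgeike|purgecrl|purgex509)
	# pass the requested purge operation through: the arm used to send
	# "purgeike" for all three, so purgecrl/purgex509 did not reach stroke
	op="$1"
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op"
		rc="$?"
	fi
	exit "$rc"
	;;
ready)
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --listen
		exit 0
	else
		exit 7
	fi
	;;
reload)
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Reloading strongSwan IPsec configuration..." >&2
		# a pid file without a usable pid leaves rc at 7
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			kill -USR1 "$spid" 2>/dev/null && rc=0
		fi
	else
		echo "Reloading strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
restart)
	"$IPSEC_SBINDIR/ipsec" stop
	sleep 2
	shift
	exec "$IPSEC_SBINDIR/ipsec" start "$@"
	;;
route|unroute)
	op="$1"
	rc=7
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec $op <connection name>"
		exit 2
	fi
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" "--$op"
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
scencrypt|scdecrypt)
	op="$1"
	shift
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" "--$op" "$@"
		exit "$?"
	else
		exit 7
	fi
	;;
secrets)
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --rereadsecrets
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" rereadsecrets
		rc="$?"
	fi
	exit "$rc"
	;;
start)
	shift
	# subsys lock file for init systems that track services this way
	if [ -d /var/lock/subsys ]; then
		touch /var/lock/subsys/ipsec
	fi
	exec "$IPSEC_STARTER" "$@"
	;;
status|statusall)
	op="$1"
	# Return value is slightly different for the status command:
	# 0 - service up and running
	# 1 - service dead, but /var/run/ pid file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running (unused)
	# 4 - service status unknown :-(
	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
	shift
	if [ "$#" -eq 0 ]
	then
		if [ -e "$IPSEC_PLUTO_PID" ]
		then
			"$IPSEC_WHACK" "--$op"
		fi
		if [ -e "$IPSEC_CHARON_PID" ]
		then
			"$IPSEC_STROKE" "$op"
		fi
	else
		if [ -e "$IPSEC_PLUTO_PID" ]
		then
			"$IPSEC_WHACK" --name "$1" "--$op"
		fi
		if [ -e "$IPSEC_CHARON_PID" ]
		then
			"$IPSEC_STROKE" "$op" "$1"
		fi
	fi
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			kill -0 "$spid" 2>/dev/null
			exit "$?"
		fi
		# pid file present but unusable: report "dead, pid file exists"
		exit 1
	fi
	exit 3
	;;
stop)
	# stopping a not-running service is considered as success
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Stopping strongSwan IPsec..." >&2
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			# TERM first, then give the starter up to five seconds
			# before falling back to KILL and removing its pid file
			kill "$spid" 2>/dev/null
			loop=5
			while [ "$loop" -gt 0 ] ; do
				kill -0 "$spid" 2>/dev/null || break
				sleep 1
				loop=$((loop - 1))
			done
			if [ "$loop" -eq 0 ]
			then
				kill -KILL "$spid" 2>/dev/null
				rm -f "$IPSEC_STARTER_PID"
			fi
		else
			echo "Stopping strongSwan IPsec: ignoring unusable pid file $IPSEC_STARTER_PID" >&2
		fi
	else
		echo "Stopping strongSwan IPsec failed: starter is not running" >&2
	fi
	if [ -d /var/lock/subsys ]; then
		rm -f /var/lock/subsys/ipsec
	fi
	exit 0
	;;
up)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: ipsec up <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_PLUTO_PID" ]
	then
		"$IPSEC_WHACK" --name "$1" --initiate
		rc="$?"
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" up "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
update)
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Updating strongSwan IPsec configuration..." >&2
		# a failed or impossible signal is now reported as 7 instead of 0
		if spid=$(read_pid "$IPSEC_STARTER_PID")
		then
			kill -HUP "$spid" && rc=0
		fi
	else
		echo "Updating strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
version|--version)
	# values go in as arguments, never as the format string: a name or
	# kernel release containing '%' must not be interpreted by printf;
	# %b expands the '\n' escapes embedded in IPSEC_DISTRO
	printf 'Linux %s %s\n' "$IPSEC_NAME" "$IPSEC_VERSION"
	printf '%b\n' "$IPSEC_DISTRO"
	printf '%s\n' "See 'ipsec --copyright' for copyright information."
	exit 0
	;;
--*)
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 2
	;;
esac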
391
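cmd="$1"
shift

# Anything not handled above is dispatched to the helper program of the
# same name in the private directory.  Only a bare program name is
# accepted: a name containing '/' would resolve outside IPSEC_DIR, which
# matters when this wrapper runs with more privilege than its caller.
case "$cmd" in
''|*/*)
	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
	exit 2
	;;
esac

path="$IPSEC_DIR/$cmd"

# must be a regular, executable file (a directory also passes -x alone)
if [ ! -f "$path" ] || [ ! -x "$path" ]
then
	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
	exit 2
fi

exec "$path" "$@"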