strongswan/src/ipsec/ipsec.in


#! /bin/sh
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002 Henry Spencer.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $
# Product name shown in the usage and version output.
IPSEC_NAME=strongSwan

# Program, library and configuration directories. A value that is already set
# in the caller's environment is kept (even an empty one); only an unset
# variable receives the default filled in by the build.
# NOTE(review): helper programs are later run from IPSEC_EXECDIR and
# IPSEC_LIBDIR, and IPSEC_SBINDIR is placed first in PATH, so whoever controls
# these variables decides which binaries run. Privileged callers (sudo rules,
# init scripts) should start this script with a clean environment.
: "${IPSEC_EXECDIR=@IPSEC_EXECDIR@}"
: "${IPSEC_LIBDIR=@IPSEC_LIBDIR@}"
: "${IPSEC_SBINDIR=@IPSEC_SBINDIR@}"
: "${IPSEC_CONFS=@IPSEC_CONFS@}"
IPSEC_DIR="$IPSEC_LIBDIR"

# PID files that show whether the starter and charon daemons are running.
IPSEC_STARTER_PID="/var/run/starter.pid"
IPSEC_CHARON_PID="/var/run/charon.pid"

# Fixed search path, so that lookups do not depend on the caller's PATH.
PATH="$IPSEC_SBINDIR:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"

# Names that are not to be listed in the --help command list.
DONTMENTION='^(ipsec|_.*|.*\.old|.*~)$'

# Version string (details filled in by build). It is kept inline instead of
# being fetched from a C program's version_code() for performance reasons.
version="xxx"
IPSEC_VERSION="$version"

# Make the settings visible to every helper this script starts.
# IPSEC_SBINDIR is deliberately absent from the list, as it was before.
export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
export PATH
export IPSEC_VERSION
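# Rewrite $version so that it reports both the userland and the kernel side.
# Globals:
#   version (read and rewritten), stack and kv (written)
# Behaviour:
#   /proc/net/ipsec_version present -> KLIPS stack, kernel version is the
#                                      last field of that file
#   /proc/net/pfkey present         -> native stack, kernel version is the
#                                      output of uname -r
#   neither present                 -> no stack suffix, placeholder text
# When the kernel version differs from $version the result has the form
# "U<userland>/K<kernel>"; the stack suffix is appended in every case.
fixversion() {
    # Start from an empty suffix: without this, the branch where no kernel
    # code is loaded would append whatever "stack" value the caller's
    # environment happened to export.
    stack=""
    if test -f /proc/net/ipsec_version
    then
        stack=" (KLIPS)"
        kv="$(awk '{print $NF}' /proc/net/ipsec_version)"
    elif test -f /proc/net/pfkey
    then
        stack=" (native)"
        kv="$(uname -r)"
    else
        kv="(no kernel code presently loaded)"
    fi
    # The leading blank keeps test from reading a value that starts with
    # "-" or "(" as an operator.
    if test " $kv" != " $version"
    then
        version="U$version/K$kv"
    fi
    version="$version$stack"
}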
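# Deliver a signal to the running starter daemon.
#   $1 - signal name handed to kill -s (TERM, HUP or USR1)
#   $2 - progress message written to stderr before the signal is sent
# Only the first whitespace-separated field of the PID file is used, and it
# must be a positive decimal number. Anything else is reported and no signal
# is sent, so an empty or damaged PID file cannot make kill address a process
# group or more than one process.
# NOTE(review): a stale PID file can still name an unrelated process that
# reused the number; that cannot be detected from here.
signal_starter() {
    if test -e "$IPSEC_STARTER_PID"
    then
        starter_pid=
        read -r starter_pid starter_extra < "$IPSEC_STARTER_PID"
        case "$starter_pid" in
        ''|0*|*[!0-9]*)
            echo "$0: no valid process id in $IPSEC_STARTER_PID" >&2
            ;;
        *)
            echo "$2" >&2
            kill -s "$1" "$starter_pid"
            ;;
        esac
    else
        echo "ipsec starter is not running" >&2
    fi
}

# Dispatch on the first argument. Built-in keywords are handled here and end
# with "exit 0" whatever the helper returned (unchanged from before, callers
# may rely on it). --copyright and every name without a matching arm leave
# the case statement and continue with the code that follows it.
# All directory and PID file expansions are quoted so that a value containing
# whitespace or glob characters stays a single word.
case "$1" in
'')
    echo "Usage: ipsec command argument ..."
    echo "Use --help for list of commands, or see ipsec(8) manual page"
    echo "or the $IPSEC_NAME documentation for names of the common ones."
    echo "Most have their own manual pages, e.g. ipsec_auto(8)."
    echo "See <http://www.strongswan.org> for more general info."
    exit 0
    ;;
--help)
    echo "Usage: ipsec command argument ..."
    echo "where command is one of:"
    echo " start|restart arguments..."
    echo " update|reload|stop"
    echo " up|down|route|unroute <connectionname>"
    echo " status|statusall [<connectionname>]"
    echo " ready"
    echo " listalgs|listpubkeys|listcerts [--utc]"
    echo " listcacerts|listaacerts|listocspcerts [--utc]"
    echo " listacerts|listgroups|listcainfos [--utc]"
    echo " listcrls|listocsp|listcards|listall [--utc]"
    echo " rereadsecrets|rereadgroups"
    echo " rereadcacerts|rereadaacerts|rereadocspcerts"
    echo " rereadacerts|rereadcrls|rereadall"
    echo " purgeocsp"
    echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
    echo " barf"
    echo " openac"
    echo " pluto"
    echo " scepclient"
    echo " secrets"
    echo " starter"
    echo " version"
    echo " whack"
    echo
    echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
    exit 0
    ;;
--versioncode)
    fixversion
    echo "$version"
    exit 0
    ;;
--copyright)
    set _copyright
    # and fall through, invoking "ipsec _copyright"
    ;;
--directory)
    echo "$IPSEC_DIR"
    exit 0
    ;;
--confdir)
    echo "$IPSEC_CONFS"
    exit 0
    ;;
down)
    shift
    "$IPSEC_EXECDIR/whack" --name "$1" --terminate
    # stroke is only called while the charon PID file exists
    if test -e "$IPSEC_CHARON_PID"
    then
        "$IPSEC_EXECDIR/stroke" down "$1"
    fi
    exit 0
    ;;
listalgs|listpubkeys|listcerts|listcacerts|\
listaacerts|listocspcerts|listacerts|listgroups|\
listcainfos|listcrls|listocsp|listcards|\
listall|purgeocsp|rereadsecrets|rereadgroups|\
rereadcacerts|rereadaacerts|rereadocspcerts|\
rereadacerts|rereadcrls|rereadall)
    op="$1"
    shift
    # remaining arguments (e.g. --utc) go to whack ahead of the operation
    "$IPSEC_EXECDIR/whack" "$@" "--$op"
    if test -e "$IPSEC_CHARON_PID"
    then
        "$IPSEC_EXECDIR/stroke" "$op"
    fi
    exit 0
    ;;
ready)
    shift
    "$IPSEC_EXECDIR/whack" --listen
    exit 0
    ;;
reload)
    signal_starter USR1 "Reloading strongSwan IPsec configuration..."
    exit 0
    ;;
restart)
    "$IPSEC_SBINDIR/ipsec" stop
    sleep 2
    shift
    "$IPSEC_SBINDIR/ipsec" start "$@"
    exit 0
    ;;
route|unroute)
    op="$1"
    shift
    "$IPSEC_EXECDIR/whack" --name "$1" "--$op"
    exit 0
    ;;
scencrypt|scdecrypt)
    op="$1"
    shift
    "$IPSEC_EXECDIR/whack" "--$op" "$@"
    exit 0
    ;;
secrets)
    "$IPSEC_EXECDIR/whack" --rereadsecrets
    exit 0
    ;;
start)
    shift
    exec "$IPSEC_EXECDIR/starter" "$@"
    ;;
status|statusall)
    op="$1"
    shift
    if test $# -eq 0
    then
        "$IPSEC_EXECDIR/whack" "--$op"
        if test -e "$IPSEC_CHARON_PID"
        then
            "$IPSEC_EXECDIR/stroke" "$op"
        fi
    else
        "$IPSEC_EXECDIR/whack" --name "$1" "--$op"
        if test -e "$IPSEC_CHARON_PID"
        then
            "$IPSEC_EXECDIR/stroke" "$op" "$1"
        fi
    fi
    exit 0
    ;;
stop)
    # TERM is the signal a plain "kill <pid>" sends
    signal_starter TERM "Stopping strongSwan IPsec..."
    exit 0
    ;;
up)
    shift
    "$IPSEC_EXECDIR/whack" --name "$1" --initiate
    if test -e "$IPSEC_CHARON_PID"
    then
        "$IPSEC_EXECDIR/stroke" up "$1"
    fi
    exit 0
    ;;
update)
    signal_starter HUP "Updating strongSwan IPsec configuration..."
    exit 0
    ;;
version|--version)
    fixversion
    echo "Linux $IPSEC_NAME $version"
    echo "See \`ipsec --copyright' for copyright information."
    if [ -f "$IPSEC_LIBDIR/distro.txt" ]
    then
        cat "$IPSEC_LIBDIR/distro.txt"
    fi
    exit 0
    ;;
--*)
    echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
    exit 1
    ;;
esac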
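# Any other word is run as a helper program from the private directories:
# IPSEC_EXECDIR is tried first, then IPSEC_LIBDIR.
cmd="$1"
shift

# A helper is addressed by its bare file name. Names containing a slash are
# refused so that the lookup cannot resolve to a file outside the two program
# directories (for instance through "../" components). This matters wherever
# the script is started with more privileges than its caller has.
case "$cmd" in
*/*)
    echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
    exit 1
    ;;
esac

path="$IPSEC_EXECDIR/$cmd"
if test ! -x "$path"
then
    path="$IPSEC_LIBDIR/$cmd"
    if test ! -x "$path"
    then
        echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
        exit 1
    fi
fi

# Quoted so that a directory name with whitespace or glob characters still
# yields exactly one program path; the remaining arguments pass through as is.
exec "$path" "$@"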