File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / ipsec / _ipsec.in
Revision 1.1.1.1 (vendor branch)
Wed Jun 3 09:46:45 2020 UTC (4 years, 3 months ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, v5_8_4p7, HEAD
Strongswan

    1: #! @IPSEC_SHELL@
    2: # prefix command to run stuff from our programs directory
    3: # Copyright (C) 1998-2002  Henry Spencer.
    4: # Copyright (C) 2006-2014 Andreas Steffen
    5: # Copyright (C) 2006 Martin Willi
    6: #
    7: # This program is free software; you can redistribute it and/or modify it
    8: # under the terms of the GNU General Public License as published by the
    9: # Free Software Foundation; either version 2 of the License, or (at your
   10: # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   11: #
   12: # This program is distributed in the hope that it will be useful, but
   13: # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
   14: # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   15: # for more details.
   16: 
   17: # define a minimum PATH environment in case it is not set
   18: PATH=${PATH:-"/sbin:/bin:/usr/sbin:/usr/bin"}
   19: export PATH
   20: 
   21: # set daemon name
   22: [ -z "$DAEMON_NAME" ] && DAEMON_NAME="charon"
   23: 
   24: # name and version of the ipsec implementation
   25: OS_NAME=`uname -s`
   26: IPSEC_NAME="@IPSEC_NAME@"
   27: IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
   28: 
   29: # where the private directory and the config files are
   30: IPSEC_DIR="@IPSEC_DIR@"
   31: IPSEC_BINDIR="@IPSEC_BINDIR@"
   32: IPSEC_SBINDIR="@IPSEC_SBINDIR@"
   33: IPSEC_CONFDIR="@IPSEC_CONFDIR@"
   34: IPSEC_PIDDIR="@IPSEC_PIDDIR@"
   35: IPSEC_SCRIPT="@IPSEC_SCRIPT@"
   36: 
   37: IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.${DAEMON_NAME}.pid"
   38: IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid"
   39: 
   40: IPSEC_STROKE="${IPSEC_DIR}/stroke"
   41: IPSEC_STARTER="${IPSEC_DIR}/starter"
   42: 
   43: export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
   44: 
   45: IPSEC_DISTRO="University of Applied Sciences Rapperswil, Switzerland"
   46: 
   47: command_dir="$IPSEC_DIR"
   48: 
   49: case "$1" in
'')
	# No command at all: short usage hint, exit status 0.
	echo "$IPSEC_SCRIPT command [arguments]"
	echo
	echo "Use --help for a list of commands, or refer to the $IPSEC_SCRIPT(8) man page."
	echo "See <http://www.strongswan.org> for more general information."
	exit 0
	;;
--help)
	# Command overview. The fixed lines are printed with one printf call;
	# lines that expand a variable stay with echo.
	echo "$IPSEC_SCRIPT command [arguments]"
	echo
	printf '%s\n' \
		"Commands:" \
		"	start|restart [arguments]" \
		"	update|reload|stop" \
		"	up|down|route|unroute <connectionname>" \
		"	down-srcip <start> [<end>]" \
		"	status|statusall [<connectionname>]" \
		"	listalgs|listpubkeys|listcerts [--utc]" \
		"	listcacerts|listaacerts|listocspcerts [--utc]" \
		"	listacerts|listgroups|listcainfos [--utc]" \
		"	listcrls|listocsp|listplugins|listall [--utc]" \
		"	listcounters|resetcounters [name]" \
		"	leases [<poolname> [<address>]]" \
		"	rereadsecrets|rereadcacerts|rereadaacerts" \
		"	rereadocspcerts|rereadacerts|rereadcrls|rereadall" \
		"	purgecerts|purgecrls|purgeike|purgeocsp" \
		"	scepclient|pki" \
		"	stroke" \
		"	version"
	echo
	echo "Refer to the $IPSEC_SCRIPT(8) man page for details."
	echo "Some commands have their own man pages, e.g. pki(1) or scepclient(8)."
	exit 0
	;;
# The four options below each print one configured value and exit 0.
--versioncode)
	echo "$IPSEC_VERSION"; exit 0
	;;
--directory)
	echo "$IPSEC_DIR"; exit 0
	;;
--confdir)
	echo "$IPSEC_CONFDIR"; exit 0
	;;
--piddir)
	echo "$IPSEC_PIDDIR"; exit 0
	;;
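down)
	# Hands "down <connection name>" to stroke. Exactly one argument is
	# required. Exit status: 2 on a usage error, 7 when the daemon pid
	# file does not exist (stroke is not run), otherwise stroke's status.
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down <connection name>"
		exit 2
	fi
	rc=7
	# Quoted: the pid file name contains DAEMON_NAME, which may come from
	# the environment; unquoted, whitespace in it would split the path
	# into several operands of the test.
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" down "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
down-srcip)
	# Hands "down-srcip <start> [<end>]" to stroke; at least one argument
	# is required. Exit status as for "down".
	shift
	if [ "$#" -lt 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down-srcip <start> [<end>]"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# "$@" instead of an unquoted $*: every caller argument reaches
		# stroke as one word, with no re-splitting on whitespace and no
		# pathname expansion of characters such as * or ?.
		"$IPSEC_STROKE" down-srcip "$@"
		rc="$?"
	fi
	exit "$rc"
	;;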
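leases)
	# Forwards the command name and at most two arguments (pool name,
	# address) to stroke; further arguments are dropped. Exit status 7
	# when the daemon pid file does not exist, otherwise stroke's status.
	op="$1"
	rc=7
	shift
	# Pid file path and stroke path are quoted so that whitespace in
	# either cannot split them into several words.
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		case "$#" in
		0) "$IPSEC_STROKE" "$op" ;;
		1) "$IPSEC_STROKE" "$op" "$1" ;;
		*) "$IPSEC_STROKE" "$op" "$1" "$2" ;;
		esac
		rc="$?"
	fi
	exit "$rc"
	;;
listalgs|listpubkeys|listplugins|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp|listcounters|resetcounters)
	# Forwards the command name and all remaining arguments to stroke.
	# Exit status 7 when the daemon pid file does not exist.
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
purgeike|purgecrls|purgecerts)
	# Forwards only the command name to stroke; extra arguments are
	# ignored. Exit status 7 when the daemon pid file does not exist.
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;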
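reload)
	# Sends SIGUSR1 to the process named in the starter pid file.
	# Exit status 0 only when kill succeeded, 7 otherwise.
	rc=7
	# Pid file path quoted here and for cat, so whitespace in it cannot
	# split it into several words.
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Reloading strongSwan IPsec configuration..." >&2
		# NOTE(review): the pid file content is handed to kill as read;
		# nothing checks that it is a single decimal PID.
		kill -USR1 `cat "$IPSEC_STARTER_PID"` 2>/dev/null && rc=0
	else
		echo "Reloading strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
restart)
	# Runs "stop" through the installed script, waits two seconds, then
	# replaces this shell with "start" plus the remaining arguments.
	# The script path is quoted so it is always executed as one word.
	"$IPSEC_SBINDIR/$IPSEC_SCRIPT" stop
	sleep 2
	shift
	exec "$IPSEC_SBINDIR/$IPSEC_SCRIPT" start "$@"
	;;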
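route|unroute)
	# Hands "<op> <connection name>" to stroke; exactly one argument is
	# required. Exit status: 2 on a usage error, 7 when the daemon pid
	# file does not exist, otherwise stroke's status.
	op="$1"
	rc=7
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT $op <connection name>"
		exit 2
	fi
	# Pid file path and stroke path are quoted so that whitespace in
	# either cannot split them into several words.
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
secrets)
	# Runs stroke's rereadsecrets command; exit status 7 when the daemon
	# pid file does not exist.
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" rereadsecrets
		rc="$?"
	fi
	exit "$rc"
	;;
start)
	# Creates the subsys lock file where /var/lock/subsys exists, then
	# replaces this shell with the starter.
	shift
	if [ -d /var/lock/subsys ]; then
		touch /var/lock/subsys/ipsec
	fi
	# DAEMON_NAME may come from the environment; quoted, it reaches the
	# starter as exactly one argument after --daemon.
	exec "$IPSEC_STARTER" --daemon "$DAEMON_NAME" "$@"
	;;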
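status|statusall)
	op="$1"
	# Return value is slightly different for the status command:
	# 0 - service up and running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running
	# 4 - service status unknown :-(
	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
	#
	# In this arm: 3 is returned when the starter pid file is missing;
	# otherwise the result of "kill -0" on the recorded pid is returned.
	# The status of the stroke call is not part of the exit status.
	shift
	# stroke is asked only while the daemon pid file exists; at most one
	# connection name is passed on.
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		if [ "$#" -eq 0 ]
		then
			"$IPSEC_STROKE" "$op"
		else
			"$IPSEC_STROKE" "$op" "$1"
		fi
	fi
	# Pid file path quoted here and for cat, so whitespace in it cannot
	# split it into several words.
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		# NOTE(review): the pid file content is handed to kill as read;
		# nothing checks that it is a single decimal PID.
		kill -0 `cat "$IPSEC_STARTER_PID"` 2>/dev/null
		exit $?
	fi
	exit 3
	;;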
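stop)
	# Stops the starter named in the starter pid file and removes the
	# subsys lock file. Always exits 0: stopping a service that is not
	# running is considered a success.
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Stopping strongSwan IPsec..." >&2
		# read takes the first line only and trims surrounding blanks.
		spid=
		read -r spid < "$IPSEC_STARTER_PID"
		case "$spid" in
		''|0|*[!0-9]*)
			# Empty, zero, or not a plain decimal number: send no
			# signal. The value goes to kill three times below, and
			# "kill 0" would address the caller's own process group.
			;;
		*)
			kill "$spid" 2>/dev/null
			# 110 ticks of 0.1 s: wait up to about 11 seconds for
			# the process to go away.
			loop=110
			while [ "$loop" -gt 0 ] ; do
				kill -0 "$spid" 2>/dev/null || break
				# Where sleep rejects a fractional argument, sleep
				# one full second and count it as ten ticks.
				if ! sleep 0.1 2>/dev/null
				then
					sleep 1
					loop=$((loop - 9))
				fi
				loop=$((loop - 1))
			done
			if [ "$loop" -le 0 ]
			then
				# Still alive after the wait: force it and drop the
				# pid file it could not remove itself.
				kill -KILL "$spid" 2>/dev/null
				rm -f "$IPSEC_STARTER_PID"
			fi
			;;
		esac
	else
		echo "Stopping strongSwan IPsec failed: starter is not running" >&2
	fi
	if [ -d /var/lock/subsys ]; then
		rm -f /var/lock/subsys/ipsec
	fi
	exit 0
	;;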
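up)
	# Hands "up <connection name>" to stroke; exactly one argument is
	# required. Exit status: 2 on a usage error, 7 when the daemon pid
	# file does not exist, otherwise stroke's status.
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT up <connection name>"
		exit 2
	fi
	rc=7
	# Pid file path and stroke path are quoted so that whitespace in
	# either cannot split them into several words.
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" up "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
update)
	# Sends SIGHUP to the process named in the starter pid file.
	# Exit status 7 when the pid file does not exist, 0 otherwise.
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Updating strongSwan IPsec configuration..." >&2
		# NOTE(review): the pid file content is handed to kill as read,
		# and the exit status below is 0 whether or not kill succeeded
		# (the "reload" arm reports 7 in that case).
		kill -HUP `cat "$IPSEC_STARTER_PID"`
		exit 0
	else
		echo "Updating strongSwan IPsec failed: starter is not running" >&2
		exit 7
	fi
	;;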
aikgen|pki)
	# Programs in BINDIR may be called directly; these two are kept here
	# for legacy reasons. Execution continues after esac, where the
	# command is run from command_dir.
	command_dir=$IPSEC_BINDIR
	;;
attest|conftest|dumm|irdumm|pool|pt-tls-client|scepclient|stroke|\
duplicheck|error-notify|imv_policy_manager|load-tester|lookip|whitelist|\
_updown|_imv_policy)
	# Nothing to prepare: these names continue after esac and are run
	# from the default command_dir.
	;;
copyright|--copyright)
	# Replace the argument list with the helper's name, then continue
	# after esac like the commands above.
	set -- _copyright
	;;
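version|--version)
	# Values go in as printf arguments, not as part of the format string,
	# so a '%' or backslash inside them (uname output, configured names)
	# is printed literally.
	printf '%s %s %s\n' "$OS_NAME" "$IPSEC_NAME" "$IPSEC_VERSION"
	printf '%s\n' "$IPSEC_DISTRO"
	printf "See '%s --copyright' for copyright information.\n" "$IPSEC_SCRIPT"
	exit 0
	;;
--*)
	# Any other option-like first argument is rejected with status 2.
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 2
	;;
*)
	# Anything not listed in an earlier arm is rejected with status 2, so
	# only the fixed names of the pass-through arms reach the exec after
	# esac.
	echo "$0: unknown command \`$1' (\`$IPSEC_SCRIPT --help' for list)" >&2
	exit 2
	;;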
  336: esac
  337: 
  338: cmd="$1"
  339: shift
  340: 
  341: path="$command_dir/$cmd"
  342: 
  343: if [ ! -x "$path" ]
  344: then
  345: 	echo "$0: unknown command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
  346: 	exit 2
  347: fi
  348: 
  349: exec $path "$@"
